Vulnerabilities related to Rockwell Automation - Connected Components Workbench
CVE-2021-27471 (GCVE-0-2021-27471)
Vulnerability from cvelistv5
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
▼ | URL | Tags |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-21-133-01 | x_refsource_CONFIRM | |
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435 | x_refsource_CONFIRM |
Vendor | Product | Version | ||
---|---|---|---|---|
Rockwell Automation | Connected Components Workbench |
Version: unspecified <= v12.00.00 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:48:17.216Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-133-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-27471", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-16T17:30:46.601580Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-16T17:58:57.027Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Connected Components Workbench", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "v12.00.00", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Mashav Sapir of Claroty reported these vulnerabilities to Rockwell Automation." } ], "descriptions": [ { "lang": "en", "value": "The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the Connected Components Workbench software. User interaction is required for this exploit to be successful." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-23T19:46:37.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-133-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435" } ], "solutions": [ { "lang": "en", "value": "Rockwell Automation recommends users of the affected software update to an available software revision (Connected Components Workbench v13.00.00 or later) that addresses the associated risk. " } ], "source": { "discovery": "UNKNOWN" }, "title": "Rockwell Automation Connected Components Workbench Path Traversal", "workarounds": [ { "lang": "en", "value": "Users who are unable to update are directed towards risk mitigation strategies provided below, and are encouraged, when possible, to combine these with Rockwell Automation\u2019s general security guidelines to employ multiple strategies simultaneously.\nIf upgrade is not possible, Rockwell Automation recommends deploying the following mitigations:\n Run Connected Components Workbench as a User, not as an Administrator, to minimize the impact of malicious code on the infected system.\n Do not open untrusted .ccwarc, files with Connected Components Workbench. 
Employ training and awareness programs to educate users on the warning signs of a phishing or social engineering attack.\n Use of Microsoft AppLocker or other similar allow list applications can help mitigate risk. Information on using AppLocker with Rockwell Automation products is available at KnowledgeBase Article QA17329 (login required).\n Ensure the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.\n\nFor more information, please see the industrial security advisory from Rockwell Automation. " } ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-27471", "STATE": "PUBLIC", "TITLE": "Rockwell Automation Connected Components Workbench Path Traversal" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Connected Components Workbench", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "v12.00.00" } ] } } ] }, "vendor_name": "Rockwell Automation" } ] } }, "credit": [ { "lang": "eng", "value": "Mashav Sapir of Claroty reported these vulnerabilities to Rockwell Automation." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the Connected Components Workbench software. User interaction is required for this exploit to be successful." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-133-01", "refsource": "CONFIRM", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-133-01" }, { "name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435", "refsource": "CONFIRM", "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435" } ] }, "solution": [ { "lang": "en", "value": "Rockwell Automation recommends users of the affected software update to an available software revision (Connected Components Workbench v13.00.00 or later) that addresses the associated risk. " } ], "source": { "discovery": "UNKNOWN" }, "work_around": [ { "lang": "en", "value": "Users who are unable to update are directed towards risk mitigation strategies provided below, and are encouraged, when possible, to combine these with Rockwell Automation\u2019s general security guidelines to employ multiple strategies simultaneously.\nIf upgrade is not possible, Rockwell Automation recommends deploying the following mitigations:\n Run Connected Components Workbench as a User, not as an Administrator, to minimize the impact of malicious code on the infected system.\n Do not open untrusted .ccwarc, files with Connected Components Workbench. 
Employ training and awareness programs to educate users on the warning signs of a phishing or social engineering attack.\n Use of Microsoft AppLocker or other similar allow list applications can help mitigate risk. Information on using AppLocker with Rockwell Automation products is available at KnowledgeBase Article QA17329 (login required).\n Ensure the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.\n\nFor more information, please see the industrial security advisory from Rockwell Automation. " } ] } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-27471", "datePublished": "2022-03-23T19:46:37.000Z", "dateReserved": "2021-02-19T00:00:00.000Z", "dateUpdated": "2025-04-16T17:58:57.027Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-27475 (GCVE-0-2021-27475)
Vulnerability from cvelistv5
- CWE-502 - Deserialization of Untrusted Data
▼ | URL | Tags |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-21-133-01 | x_refsource_CONFIRM | |
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435 | x_refsource_CONFIRM |
Vendor | Product | Version | ||
---|---|---|---|---|
Rockwell Automation | Connected Components Workbench |
Version: unspecified <= v12.00.00 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:48:17.351Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-133-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-27475", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-04-16T17:30:43.735807Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-16T17:58:45.843Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Connected Components Workbench", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "v12.00.00", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Mashav Sapir of Claroty reported these vulnerabilities to Rockwell Automation." } ], "descriptions": [ { "lang": "en", "value": "Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-23T19:46:38.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-133-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435" } ], "solutions": [ { "lang": "en", "value": "Rockwell Automation recommends users of the affected software update to an available software revision (Connected Components Workbench v13.00.00 or later) that addresses the associated risk. " } ], "source": { "discovery": "UNKNOWN" }, "title": "Rockwell Automation Connected Components Workbench Deserialization of Untrusted Data", "workarounds": [ { "lang": "en", "value": "Users who are unable to update are directed towards risk mitigation strategies provided below, and are encouraged, when possible, to combine these with Rockwell Automation\u2019s general security guidelines to employ multiple strategies simultaneously.\nIf upgrade is not possible, Rockwell Automation recommends deploying the following mitigations:\n Run Connected Components Workbench as a User, not as an Administrator, to minimize the impact of malicious code on the infected system.\n Do not open untrusted .ccwarc, files with Connected Components Workbench. 
Employ training and awareness programs to educate users on the warning signs of a phishing or social engineering attack.\n Use of Microsoft AppLocker or other similar allow list applications can help mitigate risk. Information on using AppLocker with Rockwell Automation products is available at KnowledgeBase Article QA17329 (login required).\n Ensure the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.\n\nFor more information, please see the industrial security advisory from Rockwell Automation. " } ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-27475", "STATE": "PUBLIC", "TITLE": "Rockwell Automation Connected Components Workbench Deserialization of Untrusted Data" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Connected Components Workbench", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "v12.00.00" } ] } } ] }, "vendor_name": "Rockwell Automation" } ] } }, "credit": [ { "lang": "eng", "value": "Mashav Sapir of Claroty reported these vulnerabilities to Rockwell Automation." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited." 
} ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-502 Deserialization of Untrusted Data" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-133-01", "refsource": "CONFIRM", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-133-01" }, { "name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435", "refsource": "CONFIRM", "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435" } ] }, "solution": [ { "lang": "en", "value": "Rockwell Automation recommends users of the affected software update to an available software revision (Connected Components Workbench v13.00.00 or later) that addresses the associated risk. " } ], "source": { "discovery": "UNKNOWN" }, "work_around": [ { "lang": "en", "value": "Users who are unable to update are directed towards risk mitigation strategies provided below, and are encouraged, when possible, to combine these with Rockwell Automation\u2019s general security guidelines to employ multiple strategies simultaneously.\nIf upgrade is not possible, Rockwell Automation recommends deploying the following mitigations:\n Run Connected Components Workbench as a User, not as an Administrator, to minimize the impact of malicious code on the infected system.\n Do not open untrusted .ccwarc, files with Connected Components Workbench. 
Employ training and awareness programs to educate users on the warning signs of a phishing or social engineering attack.\n Use of Microsoft AppLocker or other similar allow list applications can help mitigate risk. Information on using AppLocker with Rockwell Automation products is available at KnowledgeBase Article QA17329 (login required).\n Ensure the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.\n\nFor more information, please see the industrial security advisory from Rockwell Automation. " } ] } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-27475", "datePublished": "2022-03-23T19:46:38.000Z", "dateReserved": "2021-02-19T00:00:00.000Z", "dateUpdated": "2025-04-16T17:58:45.843Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-27473 (GCVE-0-2021-27473)
Vulnerability from cvelistv5
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
▼ | URL | Tags |
---|---|---|
https://www.cisa.gov/uscert/ics/advisories/icsa-21-133-01 | x_refsource_CONFIRM | |
https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435 | x_refsource_CONFIRM |
Vendor | Product | Version | ||
---|---|---|---|---|
Rockwell Automation | Connected Components Workbench |
Version: unspecified <= v12.00.00 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:48:17.293Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-133-01" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2021-27473", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-16T15:55:25.259921Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-16T16:38:45.599Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Connected Components Workbench", "vendor": "Rockwell Automation", "versions": [ { "lessThanOrEqual": "v12.00.00", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Mashav Sapir of Claroty reported these vulnerabilities to Rockwell Automation." } ], "descriptions": [ { "lang": "en", "value": "Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. This type of vulnerability is also commonly referred to as a Zip Slip. A local, authenticated attacker can create a malicious .ccwarc archive file that, when opened by Connected Components Workbench, will allow the attacker to gain the privileges of the software. If the software is running at SYSTEM level, the attacker will gain admin level privileges. User interaction is required for this exploit to be successful." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-23T19:46:36.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-133-01" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435" } ], "solutions": [ { "lang": "en", "value": "Rockwell Automation recommends users of the affected software update to an available software revision (Connected Components Workbench v13.00.00 or later) that addresses the associated risk. " } ], "source": { "discovery": "UNKNOWN" }, "title": "Rockwell Automation Connected Components Workbench Improper Input Validation", "workarounds": [ { "lang": "en", "value": "Users who are unable to update are directed towards risk mitigation strategies provided below, and are encouraged, when possible, to combine these with Rockwell Automation\u2019s general security guidelines to employ multiple strategies simultaneously.\nIf upgrade is not possible, Rockwell Automation recommends deploying the following mitigations:\n Run Connected Components Workbench as a User, not as an Administrator, to minimize the impact of malicious code on the infected system.\n Do not open untrusted .ccwarc, files with Connected Components Workbench. 
Employ training and awareness programs to educate users on the warning signs of a phishing or social engineering attack.\n Use of Microsoft AppLocker or other similar allow list applications can help mitigate risk. Information on using AppLocker with Rockwell Automation products is available at KnowledgeBase Article QA17329 (login required).\n Ensure the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.\n\nFor more information, please see the industrial security advisory from Rockwell Automation. " } ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2021-27473", "STATE": "PUBLIC", "TITLE": "Rockwell Automation Connected Components Workbench Improper Input Validation" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Connected Components Workbench", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "v12.00.00" } ] } } ] }, "vendor_name": "Rockwell Automation" } ] } }, "credit": [ { "lang": "eng", "value": "Mashav Sapir of Claroty reported these vulnerabilities to Rockwell Automation." } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. This type of vulnerability is also commonly referred to as a Zip Slip. A local, authenticated attacker can create a malicious .ccwarc archive file that, when opened by Connected Components Workbench, will allow the attacker to gain the privileges of the software. If the software is running at SYSTEM level, the attacker will gain admin level privileges. 
User interaction is required for this exploit to be successful." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-133-01", "refsource": "CONFIRM", "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-133-01" }, { "name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435", "refsource": "CONFIRM", "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435" } ] }, "solution": [ { "lang": "en", "value": "Rockwell Automation recommends users of the affected software update to an available software revision (Connected Components Workbench v13.00.00 or later) that addresses the associated risk. " } ], "source": { "discovery": "UNKNOWN" }, "work_around": [ { "lang": "en", "value": "Users who are unable to update are directed towards risk mitigation strategies provided below, and are encouraged, when possible, to combine these with Rockwell Automation\u2019s general security guidelines to employ multiple strategies simultaneously.\nIf upgrade is not possible, Rockwell Automation recommends deploying the following mitigations:\n Run Connected Components Workbench as a User, not as an Administrator, to minimize the impact of malicious code on the infected system.\n Do not open untrusted .ccwarc, files with Connected Components Workbench. 
Employ training and awareness programs to educate users on the warning signs of a phishing or social engineering attack.\n Use of Microsoft AppLocker or other similar allow list applications can help mitigate risk. Information on using AppLocker with Rockwell Automation products is available at KnowledgeBase Article QA17329 (login required).\n Ensure the least-privilege user principle is followed, and user/service account access to shared resources (such as a database) is only granted with a minimum number of rights as needed.\n\nFor more information, please see the industrial security advisory from Rockwell Automation. " } ] } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-27473", "datePublished": "2022-03-23T19:46:36.000Z", "dateReserved": "2021-02-19T00:00:00.000Z", "dateUpdated": "2025-04-16T16:38:45.599Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-202204-1767
Vulnerability from variot
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ccwsln files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202204-1767", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "connected components workbench", "scope": null, "trust": 0.7, "vendor": "rockwell automation", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-584" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": 
{ "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "kimiya", "sources": [ { "db": "ZDI", "id": "ZDI-22-584" } ], "trust": 0.7 }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "ZDI-22-584", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "ZDI-22-584", "trust": 0.7, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-584" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Rockwell Automation Connected Components Workbench. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of ccwsln files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process.", "sources": [ { "db": "ZDI", "id": "ZDI-22-584" } ], "trust": 0.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-15177", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-584", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-584" } ] }, "id": "VAR-202204-1767", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.5 }, "last_update_date": "2022-05-17T02:08:51.957000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Rockwell Automation has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-01" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-584" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 0.7, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-01" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-584" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-584" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-04-05T00:00:00", "db": "ZDI", "id": "ZDI-22-584" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-04-05T00:00:00", "db": "ZDI", "id": "ZDI-22-584" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rockwell Automation Connected Components Workbench ccwsln File Parsing XML External Entity Processing Information Disclosure Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-22-584" } ], "trust": 0.7 } }
var-202105-1523
Vulnerability from variot
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited.
* Deserialization of untrusted data (CWE-502) - CVE-2021-27475
* Path traversal (CWE-22) - CVE-2021-27471
* Improper input validation (CWE-20) - CVE-2021-27473
The expected impact depends on each vulnerability, but may be as follows (each impact is followed by the CVE it belongs to; the impact statement for CVE-2021-27475 is not repeated in this list and is the remote code execution described above).
* - CVE-2021-27475
* When a local user opens a malicious file created by a third party with the affected product, an existing file is overwritten or a new file is created with the privileges of the affected product. - CVE-2021-27471
* When a malicious .ccwarc archive file created by a malicious user is opened with the affected product, the privileges of the product are acquired. - CVE-2021-27473
[Note: the next sentence appears to be residue from an unrelated source record merged into this aggregated entry; it does not describe Connected Components Workbench.] Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. An automatic programming software.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202105-1523", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "connected components workbench", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "12.00.00" }, { "model": "connected components workbench", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": 
"connected components workbench", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "v12.00.00 and earlier" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "db": "NVD", "id": "CVE-2021-27475" } ] }, "cve": "CVE-2021-27475", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-27475", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-386742", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-27475", 
"impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "IPA", "availabilityImpact": "High", "baseScore": 8.6, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2021-001430", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-27475", "trust": 1.0, "value": "HIGH" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2021-27475", "trust": 1.0, "value": "HIGH" }, { "author": "IPA", "id": "JVNDB-2021-001430", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202105-805", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-386742", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-386742" }, { "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "db": "CNNVD", "id": "CNNVD-202105-805" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2021-27475" }, { "db": "NVD", "id": "CVE-2021-27475" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in remote code execution. 
This vulnerability requires user interaction to be successfully exploited. * Deserialization of untrusted data (CWE-502) - CVE-2021-27475 \u2025 * Path traversal (CWE-22) - CVE-2021-27471 \u2025 * Incorrect input confirmation (CWE-20) - CVE-2021-27473The expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2021-27475 \u2025 * When a local user opens a malicious file created by a third party with the corresponding product, the existing file is overwritten or a new file is created with the authority of the corresponding product. - CVE-2021-27471 \u2025 * Illegal created by a malicious user .ccwarc By opening the archive file with the corresponding product, the authority of the product is acquired. - CVE-2021-27473. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. An automatic programming software", "sources": [ { "db": "NVD", "id": "CVE-2021-27475" }, { "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-386742" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ICS CERT", "id": "ICSA-21-133-01", "trust": 2.5 }, { "db": "NVD", "id": "CVE-2021-27475", "trust": 2.5 }, { "db": "JVN", "id": "JVNVU95873084", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-001430", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2021.1650", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021051401", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202105-805", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-386742", "trust": 0.1 } ], 
"sources": [ { "db": "VULHUB", "id": "VHN-386742" }, { "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "db": "CNNVD", "id": "CNNVD-202105-805" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2021-27475" } ] }, "id": "VAR-202105-1523", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-386742" } ], "trust": 0.58214287 }, "last_update_date": "2024-08-14T12:14:56.019000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "industrial\u00a0security\u00a0advisory\u00a0from\u00a0Rockwell\u00a0Automation\u00a0( Login required )", "trust": 0.8, "url": "https://idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Drockwellautomation.custhelp.com%26RelayState%3Danswers%2Fanswer_view%2Fa_id%2F1131435" }, { "title": "Rockwell Automation Connected Components Workbench Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150448" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "db": "CNNVD", "id": "CNNVD-202105-805" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.1 }, { "problemtype": "Incorrect input confirmation (CWE-20) [IPA Evaluation ]", "trust": 0.8 }, { "problemtype": " Path traversal (CWE-22) [IPA Evaluation ]", "trust": 0.8 }, { "problemtype": " Deserialization of untrusted data (CWE-502) [IPA Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-386742" }, { 
"db": "JVNDB", "id": "JVNDB-2021-001430" }, { "db": "NVD", "id": "CVE-2021-27475" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435" }, { "trust": 1.7, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-133-01" }, { "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-133-01" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu95873084" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2021-27475/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021051401" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1650" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" } ], "sources": [ { "db": "VULHUB", "id": "VHN-386742" }, { "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "db": "CNNVD", "id": "CNNVD-202105-805" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2021-27475" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-386742" }, { "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "db": "CNNVD", "id": "CNNVD-202105-805" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2021-27475" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-23T00:00:00", "db": "VULHUB", "id": "VHN-386742" }, { "date": "2021-05-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "date": "2021-05-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-805" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": 
"CNNVD-202104-975" }, { "date": "2022-03-23T20:15:09.270000", "db": "NVD", "id": "CVE-2021-27475" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-29T00:00:00", "db": "VULHUB", "id": "VHN-386742" }, { "date": "2021-05-17T08:36:00", "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "date": "2022-03-30T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-805" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-03-29T17:59:46.810000", "db": "NVD", "id": "CVE-2021-27475" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-805" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rockwell\u00a0Automation\u00a0 Made \u00a0Connected\u00a0Components\u00a0Workbench\u00a0 Multiple vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001430" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-805" } ], "trust": 0.6 } }
var-202105-1524
Vulnerability from variot
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. This type of vulnerability is also commonly referred to as a Zip Slip. A local, authenticated attacker can create a malicious .ccwarc archive file that, when opened by Connected Components Workbench, will allow the attacker to gain the privileges of the software. If the software is running at SYSTEM level, the attacker will gain admin level privileges. User interaction is required for this exploit to be successful.
* Deserialization of untrusted data (CWE-502) - CVE-2021-27475
* Path traversal (CWE-22) - CVE-2021-27471
* Improper input validation (CWE-20) - CVE-2021-27473
The expected impact depends on each vulnerability, but may be as follows (each impact is followed by the CVE it belongs to).
* When a local user opens a malicious serialized object created by a third party in the product, code is executed remotely. - CVE-2021-27475
* When a local user opens a malicious file created by a third party with the affected product, an existing file is overwritten or a new file is created with the privileges of the affected product. - CVE-2021-27471
* When a malicious .ccwarc archive file created by a malicious user is opened with the affected product, the privileges of the product are acquired. - CVE-2021-27473
[Note: the next sentence appears to be residue from an unrelated source record merged into this aggregated entry; it does not describe Connected Components Workbench.] Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. An automatic programming software.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202105-1524", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "connected components workbench", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "12.00.00" }, { "model": "connected components workbench", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": 
"connected components workbench", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "v12.00.00 and earlier" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "db": "NVD", "id": "CVE-2021-27473" } ] }, "cve": "CVE-2021-27473", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.4, "id": "CVE-2021-27473", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.4, "id": "VHN-386740", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.5, "id": "CVE-2021-27473", 
"impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ics-cert@hq.dhs.gov", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 1.8, "id": "CVE-2021-27473", "impactScore": 3.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "IPA", "availabilityImpact": "Low", "baseScore": 6.1, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "JVNDB-2021-001430", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-27473", "trust": 1.0, "value": "HIGH" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2021-27473", "trust": 1.0, "value": "MEDIUM" }, { "author": "IPA", "id": "JVNDB-2021-001430", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202105-802", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-386740", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-386740" }, { "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "db": "CNNVD", "id": "CNNVD-202105-802" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2021-27473" }, { "db": "NVD", "id": "CVE-2021-27473" } ] }, "description": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths specified within the .ccwarc archive file during extraction. This type of vulnerability is also commonly referred to as a Zip Slip. A local, authenticated attacker can create a malicious .ccwarc archive file that, when opened by Connected Components Workbench, will allow the attacker to gain the privileges of the software. If the software is running at SYSTEM level, the attacker will gain admin level privileges. User interaction is required for this exploit to be successful. * Deserialization of untrusted data (CWE-502) - CVE-2021-27475 \u2025 * Path traversal (CWE-22) - CVE-2021-27471 \u2025 * Incorrect input confirmation (CWE-20) - CVE-2021-27473The expected impact depends on each vulnerability, but it may be affected as follows. * When a local user opens a malicious serialized object created by a third party in the product, the code is executed remotely. - CVE-2021-27475 \u2025 * When a local user opens a malicious file created by a third party with the corresponding product, the existing file is overwritten or a new file is created with the authority of the corresponding product. - CVE-2021-27471 \u2025 * Illegal created by a malicious user .ccwarc By opening the archive file with the corresponding product, the authority of the product is acquired. - CVE-2021-27473. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. 
An automatic programming software", "sources": [ { "db": "NVD", "id": "CVE-2021-27473" }, { "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-386740" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-27473", "trust": 2.5 }, { "db": "ICS CERT", "id": "ICSA-21-133-01", "trust": 2.5 }, { "db": "JVN", "id": "JVNVU95873084", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-001430", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2021.1650", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021051401", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202105-802", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-386740", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-386740" }, { "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "db": "CNNVD", "id": "CNNVD-202105-802" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2021-27473" } ] }, "id": "VAR-202105-1524", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-386740" } ], "trust": 0.58214287 }, "last_update_date": "2024-08-14T12:33:07.385000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "industrial\u00a0security\u00a0advisory\u00a0from\u00a0Rockwell\u00a0Automation\u00a0( Login required )", "trust": 0.8, "url": 
"https://idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Drockwellautomation.custhelp.com%26RelayState%3Danswers%2Fanswer_view%2Fa_id%2F1131435" }, { "title": "Rockwell Automation Connected Components Workbench Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150445" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "db": "CNNVD", "id": "CNNVD-202105-802" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.1 }, { "problemtype": "Incorrect input confirmation (CWE-20) [IPA Evaluation ]", "trust": 0.8 }, { "problemtype": " Path traversal (CWE-22) [IPA Evaluation ]", "trust": 0.8 }, { "problemtype": " Deserialization of untrusted data (CWE-502) [IPA Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-386740" }, { "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "db": "NVD", "id": "CVE-2021-27473" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435" }, { "trust": 1.7, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-133-01" }, { "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-133-01" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu95873084" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021051401" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1650" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2021-27473/" }, { "trust": 0.6, "url": 
"https://www.cybersecurity-help.cz/vdb/sb2021041363" } ], "sources": [ { "db": "VULHUB", "id": "VHN-386740" }, { "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "db": "CNNVD", "id": "CNNVD-202105-802" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2021-27473" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-386740" }, { "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "db": "CNNVD", "id": "CNNVD-202105-802" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2021-27473" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-23T00:00:00", "db": "VULHUB", "id": "VHN-386740" }, { "date": "2021-05-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "date": "2021-05-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-802" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-03-23T20:15:09.153000", "db": "NVD", "id": "CVE-2021-27473" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-29T00:00:00", "db": "VULHUB", "id": "VHN-386740" }, { "date": "2021-05-17T08:36:00", "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "date": "2022-03-30T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-802" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-03-29T17:50:48.963000", "db": "NVD", "id": "CVE-2021-27473" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-802" } ], "trust": 0.6 }, "title": 
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rockwell\u00a0Automation\u00a0 Made \u00a0Connected\u00a0Components\u00a0Workbench\u00a0 Multiple vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001430" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-802" } ], "trust": 0.6 } }
var-202203-1574
Vulnerability from variot
When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality. Rockwell Automation ISaGRAF is an automation software technology developed by Rockwell Automation in the United States for creating integrated automation solutions. It is designed to be scalable and portable, suitable for developing small controllers and large distributed automation systems
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-1574", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "safety instrumented systems workstation", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "1.1" }, { "model": "isagraf", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "6.6.9" }, { "model": "connected components workbench", "scope": "lte", "trust": 1.0, "vendor": 
"rockwellautomation", "version": "12.0" }, { "model": "connected components workbench", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "isagraf workbench", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "safety instrumented systems workstation", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-001497" }, { "db": "NVD", "id": "CVE-2022-1018" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "kimiya of Trend Micro\u2019s Zero Day Initiative reported this vulnerability to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-2478" } ], "trust": 0.6 }, "cve": "CVE-2022-1018", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2022-1018", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { 
"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-417838", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2022-1018", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "OTHER", "availabilityImpact": "None", "baseScore": 5.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2022-001497", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-1018", "trust": 1.0, "value": "MEDIUM" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2022-1018", "trust": 1.0, "value": "MEDIUM" }, { "author": "OTHER", "id": "JVNDB-2022-001497", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202203-2478", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-417838", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-417838" }, { "db": "JVNDB", "id": "JVNDB-2022-001497" }, { "db": "CNNVD", "id": "CNNVD-202203-2478" }, { "db": "NVD", "id": "CVE-2022-1018" }, { "db": "NVD", "id": "CVE-2022-1018" } ] 
}, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "When opening a malicious solution file provided by an attacker, the application suffers from an XML external entity vulnerability due to an unsafe call within a dynamic link library file. An attacker could exploit this to pass data from local files to a remote web server, leading to a loss of confidentiality. Rockwell Automation ISaGRAF is an automation software technology developed by Rockwell Automation in the United States for creating integrated automation solutions. It is designed to be scalable and portable, suitable for developing small controllers and large distributed automation systems", "sources": [ { "db": "NVD", "id": "CVE-2022-1018" }, { "db": "JVNDB", "id": "JVNDB-2022-001497" }, { "db": "VULHUB", "id": "VHN-417838" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ICS CERT", "id": "ICSA-22-088-01", "trust": 2.5 }, { "db": "NVD", "id": "CVE-2022-1018", "trust": 2.5 }, { "db": "JVN", "id": "JVNVU95792273", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-001497", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202203-2478", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2022.1331", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022033008", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-417838", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-417838" }, { "db": "JVNDB", "id": "JVNDB-2022-001497" }, { "db": "CNNVD", "id": "CNNVD-202203-2478" }, { "db": "NVD", "id": "CVE-2022-1018" } ] }, "id": "VAR-202203-1574", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": 
{ "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-417838" } ], "trust": 0.58214287 }, "last_update_date": "2024-11-23T23:03:54.406000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "VERSIONS Rockwell\u00a0Automation", "trust": 0.8, "url": "https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx?crumb=112\u0026mode=3\u0026refSoft=1\u0026versions=59954" }, { "title": "Rockwell Automation ISaGRAF Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=187203" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-001497" }, { "db": "CNNVD", "id": "CNNVD-202203-2478" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-611", "trust": 1.1 }, { "problemtype": "XML Improper restriction of external entity references (CWE-611) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-417838" }, { "db": "JVNDB", "id": "JVNDB-2022-001497" }, { "db": "NVD", "id": "CVE-2022-1018" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-01" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95792273/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1331" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-088-01" }, { "trust": 0.6, "url": 
"https://www.cybersecurity-help.cz/vdb/sb2022033008" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-1018/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-417838" }, { "db": "JVNDB", "id": "JVNDB-2022-001497" }, { "db": "CNNVD", "id": "CNNVD-202203-2478" }, { "db": "NVD", "id": "CVE-2022-1018" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-417838" }, { "db": "JVNDB", "id": "JVNDB-2022-001497" }, { "db": "CNNVD", "id": "CNNVD-202203-2478" }, { "db": "NVD", "id": "CVE-2022-1018" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-04-01T00:00:00", "db": "VULHUB", "id": "VHN-417838" }, { "date": "2022-03-31T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-001497" }, { "date": "2022-03-29T00:00:00", "db": "CNNVD", "id": "CNNVD-202203-2478" }, { "date": "2022-04-01T23:15:12.177000", "db": "NVD", "id": "CVE-2022-1018" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-04-12T00:00:00", "db": "VULHUB", "id": "VHN-417838" }, { "date": "2022-07-26T08:30:00", "db": "JVNDB", "id": "JVNDB-2022-001497" }, { "date": "2022-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202203-2478" }, { "date": "2024-11-21T06:39:52.100000", "db": "NVD", "id": "CVE-2022-1018" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-2478" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } 
} }, "data": "Rockwell\u00a0Automation\u00a0 Made \u00a0ISaGRAF\u00a0 In \u00a0XML\u00a0 Improper restriction vulnerability in external entity reference", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-001497" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-2478" } ], "trust": 0.6 } }
var-202203-1921
Vulnerability from variot
Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. The following vulnerabilities exist in multiple products provided by Rockwell Automation: * Type confusion (CWE-843) - CVE-2022-1096. If the vulnerability is exploited, the products may be affected as follows: * A local third party may use the Chromium web browser vulnerability to cause a denial of service (DoS) - CVE-2022-1096. [Note: this impact statement is narrower than the first sentence above; the NVD CVSS v3.1 vector recorded for this entry is AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, base score 8.8.]
=========================================================================
Ubuntu Security Notice USN-5350-1
March 28, 2022
chromium-browser vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Chromium could be made to execute arbitrary code if it received a specially crafted input.
Software Description: - chromium-browser: Chromium web browser, open-source version of Chrome
Details:
It was discovered that Chromium incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04 LTS: chromium-browser 99.0.4844.84-0ubuntu0.18.04.1
This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
References: https://ubuntu.com/security/notices/USN-5350-1 CVE-2022-1096
Package Information: https://launchpad.net/ubuntu/+source/chromium-browser/99.0.4844.84-0ubuntu0.18.04.1
.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202208-25
https://security.gentoo.org/
Severity: High
Title: Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities
Date: August 14, 2022
Bugs: #828519, #834477, #835397, #836011, #836381, #836777, #838049, #838433, #841371, #843728, #847370, #851003, #853643, #773040, #787950, #800181, #810781, #815397, #829161, #835761, #836830, #847613, #853229, #837497, #838682, #843035, #848864, #851009, #854372
ID: 202208-25
Synopsis
Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution.
Background
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
Google Chrome is one fast, simple, and secure browser for all your devices.
Microsoft Edge is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
  1  dev-qt/qtwebengine        < 5.15.5_p20220618   >= 5.15.5_p20220618
  2  www-client/chromium       < 103.0.5060.53      >= 103.0.5060.53
  3  www-client/google-chrome  < 103.0.5060.53      >= 103.0.5060.53
  4  www-client/microsoft-edge < 101.0.1210.47      >= 101.0.1210.47
Description
Multiple vulnerabilities have been discovered in Chromium and its derivatives. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-103.0.5060.53"
All Chromium binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-bin-103.0.5060.53"
All Google Chrome users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/google-chrome-103.0.5060.53"
All Microsoft Edge users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-103.0.5060.53"
All QtWebEngine users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-qt/qtwebengine-5.15.5_p20220618"
References
[ 1 ] CVE-2021-4052 https://nvd.nist.gov/vuln/detail/CVE-2021-4052 [ 2 ] CVE-2021-4053 https://nvd.nist.gov/vuln/detail/CVE-2021-4053 [ 3 ] CVE-2021-4054 https://nvd.nist.gov/vuln/detail/CVE-2021-4054 [ 4 ] CVE-2021-4055 https://nvd.nist.gov/vuln/detail/CVE-2021-4055 [ 5 ] CVE-2021-4056 https://nvd.nist.gov/vuln/detail/CVE-2021-4056 [ 6 ] CVE-2021-4057 https://nvd.nist.gov/vuln/detail/CVE-2021-4057 [ 7 ] CVE-2021-4058 https://nvd.nist.gov/vuln/detail/CVE-2021-4058 [ 8 ] CVE-2021-4059 https://nvd.nist.gov/vuln/detail/CVE-2021-4059 [ 9 ] CVE-2021-4061 https://nvd.nist.gov/vuln/detail/CVE-2021-4061 [ 10 ] CVE-2021-4062 https://nvd.nist.gov/vuln/detail/CVE-2021-4062 [ 11 ] CVE-2021-4063 https://nvd.nist.gov/vuln/detail/CVE-2021-4063 [ 12 ] CVE-2021-4064 https://nvd.nist.gov/vuln/detail/CVE-2021-4064 [ 13 ] CVE-2021-4065 https://nvd.nist.gov/vuln/detail/CVE-2021-4065 [ 14 ] CVE-2021-4066 https://nvd.nist.gov/vuln/detail/CVE-2021-4066 [ 15 ] CVE-2021-4067 https://nvd.nist.gov/vuln/detail/CVE-2021-4067 [ 16 ] CVE-2021-4068 https://nvd.nist.gov/vuln/detail/CVE-2021-4068 [ 17 ] CVE-2021-4078 https://nvd.nist.gov/vuln/detail/CVE-2021-4078 [ 18 ] CVE-2021-4079 https://nvd.nist.gov/vuln/detail/CVE-2021-4079 [ 19 ] CVE-2021-30551 https://nvd.nist.gov/vuln/detail/CVE-2021-30551 [ 20 ] CVE-2022-0789 https://nvd.nist.gov/vuln/detail/CVE-2022-0789 [ 21 ] CVE-2022-0790 https://nvd.nist.gov/vuln/detail/CVE-2022-0790 [ 22 ] CVE-2022-0791 https://nvd.nist.gov/vuln/detail/CVE-2022-0791 [ 23 ] CVE-2022-0792 https://nvd.nist.gov/vuln/detail/CVE-2022-0792 [ 24 ] CVE-2022-0793 https://nvd.nist.gov/vuln/detail/CVE-2022-0793 [ 25 ] CVE-2022-0794 https://nvd.nist.gov/vuln/detail/CVE-2022-0794 [ 26 ] CVE-2022-0795 https://nvd.nist.gov/vuln/detail/CVE-2022-0795 [ 27 ] CVE-2022-0796 https://nvd.nist.gov/vuln/detail/CVE-2022-0796 [ 28 ] CVE-2022-0797 https://nvd.nist.gov/vuln/detail/CVE-2022-0797 [ 29 ] CVE-2022-0798 https://nvd.nist.gov/vuln/detail/CVE-2022-0798 [ 30 ] CVE-2022-0799 
https://nvd.nist.gov/vuln/detail/CVE-2022-0799 [ 31 ] CVE-2022-0800 https://nvd.nist.gov/vuln/detail/CVE-2022-0800 [ 32 ] CVE-2022-0801 https://nvd.nist.gov/vuln/detail/CVE-2022-0801 [ 33 ] CVE-2022-0802 https://nvd.nist.gov/vuln/detail/CVE-2022-0802 [ 34 ] CVE-2022-0803 https://nvd.nist.gov/vuln/detail/CVE-2022-0803 [ 35 ] CVE-2022-0804 https://nvd.nist.gov/vuln/detail/CVE-2022-0804 [ 36 ] CVE-2022-0805 https://nvd.nist.gov/vuln/detail/CVE-2022-0805 [ 37 ] CVE-2022-0806 https://nvd.nist.gov/vuln/detail/CVE-2022-0806 [ 38 ] CVE-2022-0807 https://nvd.nist.gov/vuln/detail/CVE-2022-0807 [ 39 ] CVE-2022-0808 https://nvd.nist.gov/vuln/detail/CVE-2022-0808 [ 40 ] CVE-2022-0809 https://nvd.nist.gov/vuln/detail/CVE-2022-0809 [ 41 ] CVE-2022-0971 https://nvd.nist.gov/vuln/detail/CVE-2022-0971 [ 42 ] CVE-2022-0972 https://nvd.nist.gov/vuln/detail/CVE-2022-0972 [ 43 ] CVE-2022-0973 https://nvd.nist.gov/vuln/detail/CVE-2022-0973 [ 44 ] CVE-2022-0974 https://nvd.nist.gov/vuln/detail/CVE-2022-0974 [ 45 ] CVE-2022-0975 https://nvd.nist.gov/vuln/detail/CVE-2022-0975 [ 46 ] CVE-2022-0976 https://nvd.nist.gov/vuln/detail/CVE-2022-0976 [ 47 ] CVE-2022-0977 https://nvd.nist.gov/vuln/detail/CVE-2022-0977 [ 48 ] CVE-2022-0978 https://nvd.nist.gov/vuln/detail/CVE-2022-0978 [ 49 ] CVE-2022-0979 https://nvd.nist.gov/vuln/detail/CVE-2022-0979 [ 50 ] CVE-2022-0980 https://nvd.nist.gov/vuln/detail/CVE-2022-0980 [ 51 ] CVE-2022-1096 https://nvd.nist.gov/vuln/detail/CVE-2022-1096 [ 52 ] CVE-2022-1125 https://nvd.nist.gov/vuln/detail/CVE-2022-1125 [ 53 ] CVE-2022-1127 https://nvd.nist.gov/vuln/detail/CVE-2022-1127 [ 54 ] CVE-2022-1128 https://nvd.nist.gov/vuln/detail/CVE-2022-1128 [ 55 ] CVE-2022-1129 https://nvd.nist.gov/vuln/detail/CVE-2022-1129 [ 56 ] CVE-2022-1130 https://nvd.nist.gov/vuln/detail/CVE-2022-1130 [ 57 ] CVE-2022-1131 https://nvd.nist.gov/vuln/detail/CVE-2022-1131 [ 58 ] CVE-2022-1132 https://nvd.nist.gov/vuln/detail/CVE-2022-1132 [ 59 ] CVE-2022-1133 
https://nvd.nist.gov/vuln/detail/CVE-2022-1133 [ 60 ] CVE-2022-1134 https://nvd.nist.gov/vuln/detail/CVE-2022-1134 [ 61 ] CVE-2022-1135 https://nvd.nist.gov/vuln/detail/CVE-2022-1135 [ 62 ] CVE-2022-1136 https://nvd.nist.gov/vuln/detail/CVE-2022-1136 [ 63 ] CVE-2022-1137 https://nvd.nist.gov/vuln/detail/CVE-2022-1137 [ 64 ] CVE-2022-1138 https://nvd.nist.gov/vuln/detail/CVE-2022-1138 [ 65 ] CVE-2022-1139 https://nvd.nist.gov/vuln/detail/CVE-2022-1139 [ 66 ] CVE-2022-1141 https://nvd.nist.gov/vuln/detail/CVE-2022-1141 [ 67 ] CVE-2022-1142 https://nvd.nist.gov/vuln/detail/CVE-2022-1142 [ 68 ] CVE-2022-1143 https://nvd.nist.gov/vuln/detail/CVE-2022-1143 [ 69 ] CVE-2022-1144 https://nvd.nist.gov/vuln/detail/CVE-2022-1144 [ 70 ] CVE-2022-1145 https://nvd.nist.gov/vuln/detail/CVE-2022-1145 [ 71 ] CVE-2022-1146 https://nvd.nist.gov/vuln/detail/CVE-2022-1146 [ 72 ] CVE-2022-1232 https://nvd.nist.gov/vuln/detail/CVE-2022-1232 [ 73 ] CVE-2022-1305 https://nvd.nist.gov/vuln/detail/CVE-2022-1305 [ 74 ] CVE-2022-1306 https://nvd.nist.gov/vuln/detail/CVE-2022-1306 [ 75 ] CVE-2022-1307 https://nvd.nist.gov/vuln/detail/CVE-2022-1307 [ 76 ] CVE-2022-1308 https://nvd.nist.gov/vuln/detail/CVE-2022-1308 [ 77 ] CVE-2022-1309 https://nvd.nist.gov/vuln/detail/CVE-2022-1309 [ 78 ] CVE-2022-1310 https://nvd.nist.gov/vuln/detail/CVE-2022-1310 [ 79 ] CVE-2022-1311 https://nvd.nist.gov/vuln/detail/CVE-2022-1311 [ 80 ] CVE-2022-1312 https://nvd.nist.gov/vuln/detail/CVE-2022-1312 [ 81 ] CVE-2022-1313 https://nvd.nist.gov/vuln/detail/CVE-2022-1313 [ 82 ] CVE-2022-1314 https://nvd.nist.gov/vuln/detail/CVE-2022-1314 [ 83 ] CVE-2022-1364 https://nvd.nist.gov/vuln/detail/CVE-2022-1364 [ 84 ] CVE-2022-1477 https://nvd.nist.gov/vuln/detail/CVE-2022-1477 [ 85 ] CVE-2022-1478 https://nvd.nist.gov/vuln/detail/CVE-2022-1478 [ 86 ] CVE-2022-1479 https://nvd.nist.gov/vuln/detail/CVE-2022-1479 [ 87 ] CVE-2022-1480 https://nvd.nist.gov/vuln/detail/CVE-2022-1480 [ 88 ] CVE-2022-1481 
https://nvd.nist.gov/vuln/detail/CVE-2022-1481 [ 89 ] CVE-2022-1482 https://nvd.nist.gov/vuln/detail/CVE-2022-1482 [ 90 ] CVE-2022-1483 https://nvd.nist.gov/vuln/detail/CVE-2022-1483 [ 91 ] CVE-2022-1484 https://nvd.nist.gov/vuln/detail/CVE-2022-1484 [ 92 ] CVE-2022-1485 https://nvd.nist.gov/vuln/detail/CVE-2022-1485 [ 93 ] CVE-2022-1486 https://nvd.nist.gov/vuln/detail/CVE-2022-1486 [ 94 ] CVE-2022-1487 https://nvd.nist.gov/vuln/detail/CVE-2022-1487 [ 95 ] CVE-2022-1488 https://nvd.nist.gov/vuln/detail/CVE-2022-1488 [ 96 ] CVE-2022-1489 https://nvd.nist.gov/vuln/detail/CVE-2022-1489 [ 97 ] CVE-2022-1490 https://nvd.nist.gov/vuln/detail/CVE-2022-1490 [ 98 ] CVE-2022-1491 https://nvd.nist.gov/vuln/detail/CVE-2022-1491 [ 99 ] CVE-2022-1492 https://nvd.nist.gov/vuln/detail/CVE-2022-1492 [ 100 ] CVE-2022-1493 https://nvd.nist.gov/vuln/detail/CVE-2022-1493 [ 101 ] CVE-2022-1494 https://nvd.nist.gov/vuln/detail/CVE-2022-1494 [ 102 ] CVE-2022-1495 https://nvd.nist.gov/vuln/detail/CVE-2022-1495 [ 103 ] CVE-2022-1496 https://nvd.nist.gov/vuln/detail/CVE-2022-1496 [ 104 ] CVE-2022-1497 https://nvd.nist.gov/vuln/detail/CVE-2022-1497 [ 105 ] CVE-2022-1498 https://nvd.nist.gov/vuln/detail/CVE-2022-1498 [ 106 ] CVE-2022-1499 https://nvd.nist.gov/vuln/detail/CVE-2022-1499 [ 107 ] CVE-2022-1500 https://nvd.nist.gov/vuln/detail/CVE-2022-1500 [ 108 ] CVE-2022-1501 https://nvd.nist.gov/vuln/detail/CVE-2022-1501 [ 109 ] CVE-2022-1633 https://nvd.nist.gov/vuln/detail/CVE-2022-1633 [ 110 ] CVE-2022-1634 https://nvd.nist.gov/vuln/detail/CVE-2022-1634 [ 111 ] CVE-2022-1635 https://nvd.nist.gov/vuln/detail/CVE-2022-1635 [ 112 ] CVE-2022-1636 https://nvd.nist.gov/vuln/detail/CVE-2022-1636 [ 113 ] CVE-2022-1637 https://nvd.nist.gov/vuln/detail/CVE-2022-1637 [ 114 ] CVE-2022-1639 https://nvd.nist.gov/vuln/detail/CVE-2022-1639 [ 115 ] CVE-2022-1640 https://nvd.nist.gov/vuln/detail/CVE-2022-1640 [ 116 ] CVE-2022-1641 https://nvd.nist.gov/vuln/detail/CVE-2022-1641 [ 117 ] CVE-2022-1853 
https://nvd.nist.gov/vuln/detail/CVE-2022-1853 [ 118 ] CVE-2022-1854 https://nvd.nist.gov/vuln/detail/CVE-2022-1854 [ 119 ] CVE-2022-1855 https://nvd.nist.gov/vuln/detail/CVE-2022-1855 [ 120 ] CVE-2022-1856 https://nvd.nist.gov/vuln/detail/CVE-2022-1856 [ 121 ] CVE-2022-1857 https://nvd.nist.gov/vuln/detail/CVE-2022-1857 [ 122 ] CVE-2022-1858 https://nvd.nist.gov/vuln/detail/CVE-2022-1858 [ 123 ] CVE-2022-1859 https://nvd.nist.gov/vuln/detail/CVE-2022-1859 [ 124 ] CVE-2022-1860 https://nvd.nist.gov/vuln/detail/CVE-2022-1860 [ 125 ] CVE-2022-1861 https://nvd.nist.gov/vuln/detail/CVE-2022-1861 [ 126 ] CVE-2022-1862 https://nvd.nist.gov/vuln/detail/CVE-2022-1862 [ 127 ] CVE-2022-1863 https://nvd.nist.gov/vuln/detail/CVE-2022-1863 [ 128 ] CVE-2022-1864 https://nvd.nist.gov/vuln/detail/CVE-2022-1864 [ 129 ] CVE-2022-1865 https://nvd.nist.gov/vuln/detail/CVE-2022-1865 [ 130 ] CVE-2022-1866 https://nvd.nist.gov/vuln/detail/CVE-2022-1866 [ 131 ] CVE-2022-1867 https://nvd.nist.gov/vuln/detail/CVE-2022-1867 [ 132 ] CVE-2022-1868 https://nvd.nist.gov/vuln/detail/CVE-2022-1868 [ 133 ] CVE-2022-1869 https://nvd.nist.gov/vuln/detail/CVE-2022-1869 [ 134 ] CVE-2022-1870 https://nvd.nist.gov/vuln/detail/CVE-2022-1870 [ 135 ] CVE-2022-1871 https://nvd.nist.gov/vuln/detail/CVE-2022-1871 [ 136 ] CVE-2022-1872 https://nvd.nist.gov/vuln/detail/CVE-2022-1872 [ 137 ] CVE-2022-1873 https://nvd.nist.gov/vuln/detail/CVE-2022-1873 [ 138 ] CVE-2022-1874 https://nvd.nist.gov/vuln/detail/CVE-2022-1874 [ 139 ] CVE-2022-1875 https://nvd.nist.gov/vuln/detail/CVE-2022-1875 [ 140 ] CVE-2022-1876 https://nvd.nist.gov/vuln/detail/CVE-2022-1876 [ 141 ] CVE-2022-2007 https://nvd.nist.gov/vuln/detail/CVE-2022-2007 [ 142 ] CVE-2022-2010 https://nvd.nist.gov/vuln/detail/CVE-2022-2010 [ 143 ] CVE-2022-2011 https://nvd.nist.gov/vuln/detail/CVE-2022-2011 [ 144 ] CVE-2022-2156 https://nvd.nist.gov/vuln/detail/CVE-2022-2156 [ 145 ] CVE-2022-2157 https://nvd.nist.gov/vuln/detail/CVE-2022-2157 [ 146 ] 
CVE-2022-2158 https://nvd.nist.gov/vuln/detail/CVE-2022-2158 [ 147 ] CVE-2022-2160 https://nvd.nist.gov/vuln/detail/CVE-2022-2160 [ 148 ] CVE-2022-2161 https://nvd.nist.gov/vuln/detail/CVE-2022-2161 [ 149 ] CVE-2022-2162 https://nvd.nist.gov/vuln/detail/CVE-2022-2162 [ 150 ] CVE-2022-2163 https://nvd.nist.gov/vuln/detail/CVE-2022-2163 [ 151 ] CVE-2022-2164 https://nvd.nist.gov/vuln/detail/CVE-2022-2164 [ 152 ] CVE-2022-2165 https://nvd.nist.gov/vuln/detail/CVE-2022-2165 [ 153 ] CVE-2022-22021 https://nvd.nist.gov/vuln/detail/CVE-2022-22021 [ 154 ] CVE-2022-24475 https://nvd.nist.gov/vuln/detail/CVE-2022-24475 [ 155 ] CVE-2022-24523 https://nvd.nist.gov/vuln/detail/CVE-2022-24523 [ 156 ] CVE-2022-26891 https://nvd.nist.gov/vuln/detail/CVE-2022-26891 [ 157 ] CVE-2022-26894 https://nvd.nist.gov/vuln/detail/CVE-2022-26894 [ 158 ] CVE-2022-26895 https://nvd.nist.gov/vuln/detail/CVE-2022-26895 [ 159 ] CVE-2022-26900 https://nvd.nist.gov/vuln/detail/CVE-2022-26900 [ 160 ] CVE-2022-26905 https://nvd.nist.gov/vuln/detail/CVE-2022-26905 [ 161 ] CVE-2022-26908 https://nvd.nist.gov/vuln/detail/CVE-2022-26908 [ 162 ] CVE-2022-26909 https://nvd.nist.gov/vuln/detail/CVE-2022-26909 [ 163 ] CVE-2022-26912 https://nvd.nist.gov/vuln/detail/CVE-2022-26912 [ 164 ] CVE-2022-29144 https://nvd.nist.gov/vuln/detail/CVE-2022-29144 [ 165 ] CVE-2022-29146 https://nvd.nist.gov/vuln/detail/CVE-2022-29146 [ 166 ] CVE-2022-29147 https://nvd.nist.gov/vuln/detail/CVE-2022-29147 [ 167 ] CVE-2022-30127 https://nvd.nist.gov/vuln/detail/CVE-2022-30127 [ 168 ] CVE-2022-30128 https://nvd.nist.gov/vuln/detail/CVE-2022-30128 [ 169 ] CVE-2022-30192 https://nvd.nist.gov/vuln/detail/CVE-2022-30192 [ 170 ] CVE-2022-33638 https://nvd.nist.gov/vuln/detail/CVE-2022-33638 [ 171 ] CVE-2022-33639 https://nvd.nist.gov/vuln/detail/CVE-2022-33639
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-25
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 .
For the stable distribution (bullseye), this problem has been fixed in version 99.0.4844.84-1~deb11u1.
We recommend that you upgrade your chromium packages.
For the detailed security status of chromium please refer to its security tracker page at: https://security-tracker.debian.org/tracker/chromium
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmJBXaAACgkQEMKTtsN8 TjbazQ/+IzYVZN+0pj9UBLmTcMNsaUt7Hh0G1D0NsJ8yKbQ6Kan11TcOBvzkQLER E5YbdLOfVaY/OZQRRyjtjzc/WwySaC0AKKg76rYd4bo4186szqPrTApKYz+Fb+Tw 9BCzzYxVQp4nPxcxdMo2PDrCXJg4Ux/ia9dUZFbSZOF8TccxU/1nAB89nS0jCECW OhjqKHM4vcpyPF+ztnGT8Lce+wy3TwTQ/CJM3GaKLK3RF8dT9y0Ae6PP902eOw+x CKbG9EsqB47K5v7Jrbm7LfaxxF1hs7l3kiaupk5YNxgIlHV0i/dpHT39zhSFEFdZ 4F2+lpzJpvKjz9kx2iyJcNYScxMTbWKQQrEYrcNFp3wE3vPl4ndASKrOniTta6ub H2j0Jp/O0pcQTLrsVTlSPvzVgSqTBjobgsIw4JWBSeDLpaDWNQR/dhxfoCQCUvA4 SDEby7l+buKPbipoCvupeyk+cQIM+yjXKc0OZDpHGekK8NsViD5rGIVyhKmFvWcC PajYlmZu68s49eg14hrpXudTcrLL+fFkKgxI5f0Eat0BLFsW7mFl6cvEzX+ErPKT 38XlAdtsO7FGq3DerKJhAyWzZbTPBpcXtPvguIytoxl3QXxcNBvcRgeZOjqMeIhW QqFsYamZq7zcDKYon9Zljtkz1/ai1viBejcvqJK5DqePtvz4AJA= =ZIch -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202203-1921", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "chrome", "scope": "lt", "trust": 1.0, "vendor": "google", "version": "99.0.4844.84" }, { "model": "factorytalk view", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "site edition 13" }, { "model": "connected components workbench", 
"scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "enhanced him", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "factorytalk linx", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002159" }, { "db": "NVD", "id": "CVE-2022-1096" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Reported by anonymous on 2022-03-23", "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-2278" } ], "trust": 0.6 }, "cve": "CVE-2022-1096", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2022-1096", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": 
"High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2022-1096", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-1096", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2022-1096", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202203-2278", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002159" }, { "db": "CNNVD", "id": "CNNVD-202203-2278" }, { "db": "NVD", "id": "CVE-2022-1096" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. The following vulnerabilities exist in multiple products provided by Rockwell Automation. * Type confusion (CWE-843) - CVE-2022-1096. If the vulnerability is exploited, the impact may be as follows. * A local third party may use the Chromium web browser vulnerability to cause a denial of service (DoS) - CVE-2022-1096. =========================================================================\nUbuntu Security Notice USN-5350-1\nMarch 28, 2022\n\nchromium-browser vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.04 LTS\n\nSummary:\n\nChromium could be made to execute arbitrary code if it received a specially\ncrafted input. 
\n\nSoftware Description:\n- chromium-browser: Chromium web browser, open-source version of Chrome\n\nDetails:\n\nIt was discovered that Chromium incorrectly handled certain inputs. \nAn attacker could possibly use this issue to execute arbitrary code. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.04 LTS:\n chromium-browser 99.0.4844.84-0ubuntu0.18.04.1\n\nThis update uses a new upstream release, which includes additional bug\nfixes. In general, a standard system update will make all the necessary\nchanges. \n\nReferences:\n https://ubuntu.com/security/notices/USN-5350-1\n CVE-2022-1096\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/chromium-browser/99.0.4844.84-0ubuntu0.18.04.1\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-25\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities\n Date: August 14, 2022\n Bugs: #828519, #834477, #835397, #836011, #836381, #836777, #838049, #838433, #841371, #843728, #847370, #851003, #853643, #773040, #787950, #800181, #810781, #815397, #829161, #835761, #836830, #847613, #853229, #837497, #838682, #843035, #848864, #851009, #854372\n ID: 202208-25\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been found in Chromium and its\nderivatives, the worst of which could result in remote code execution. \n\nBackground\n=========\nChromium is an open-source browser project that aims to build a safer,\nfaster, and more stable way for all users to experience the web. \n\nGoogle Chrome is one fast, simple, and secure browser for all your\ndevices. 
\n\nMicrosoft Edge is a browser that combines a minimal design with\nsophisticated technology to make the web faster, safer, and easier. \n\nAffected packages\n================\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-qt/qtwebengine \u003c 5.15.5_p20220618 \u003e= 5.15.5_p20220618\n 2 www-client/chromium \u003c 103.0.5060.53 \u003e= 103.0.5060.53\n 3 www-client/google-chrome \u003c 103.0.5060.53 \u003e= 103.0.5060.53\n 4 www-client/microsoft-edge \u003c 101.0.1210.47 \u003e= 101.0.1210.47\n\nDescription\n==========\nMultiple vulnerabilities have been discovered in Chromium and its\nderivatives. Please review the CVE identifiers referenced below for\ndetails. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Chromium users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/chromium-103.0.5060.53\"\n\nAll Chromium binary users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/chromium-bin-103.0.5060.53\"\n\nAll Google Chrome users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/google-chrome-103.0.5060.53\"\n\nAll Microsoft Edge users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/chromium-103.0.5060.53\"\n\nAll QtWebEngine users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-qt/qtwebengine-5.15.5_p20220618\"\n\nReferences\n=========\n[ 1 ] CVE-2021-4052\n https://nvd.nist.gov/vuln/detail/CVE-2021-4052\n[ 2 ] CVE-2021-4053\n https://nvd.nist.gov/vuln/detail/CVE-2021-4053\n[ 3 ] 
CVE-2021-4054\n https://nvd.nist.gov/vuln/detail/CVE-2021-4054\n[ 4 ] CVE-2021-4055\n https://nvd.nist.gov/vuln/detail/CVE-2021-4055\n[ 5 ] CVE-2021-4056\n https://nvd.nist.gov/vuln/detail/CVE-2021-4056\n[ 6 ] CVE-2021-4057\n https://nvd.nist.gov/vuln/detail/CVE-2021-4057\n[ 7 ] CVE-2021-4058\n https://nvd.nist.gov/vuln/detail/CVE-2021-4058\n[ 8 ] CVE-2021-4059\n https://nvd.nist.gov/vuln/detail/CVE-2021-4059\n[ 9 ] CVE-2021-4061\n https://nvd.nist.gov/vuln/detail/CVE-2021-4061\n[ 10 ] CVE-2021-4062\n https://nvd.nist.gov/vuln/detail/CVE-2021-4062\n[ 11 ] CVE-2021-4063\n https://nvd.nist.gov/vuln/detail/CVE-2021-4063\n[ 12 ] CVE-2021-4064\n https://nvd.nist.gov/vuln/detail/CVE-2021-4064\n[ 13 ] CVE-2021-4065\n https://nvd.nist.gov/vuln/detail/CVE-2021-4065\n[ 14 ] CVE-2021-4066\n https://nvd.nist.gov/vuln/detail/CVE-2021-4066\n[ 15 ] CVE-2021-4067\n https://nvd.nist.gov/vuln/detail/CVE-2021-4067\n[ 16 ] CVE-2021-4068\n https://nvd.nist.gov/vuln/detail/CVE-2021-4068\n[ 17 ] CVE-2021-4078\n https://nvd.nist.gov/vuln/detail/CVE-2021-4078\n[ 18 ] CVE-2021-4079\n https://nvd.nist.gov/vuln/detail/CVE-2021-4079\n[ 19 ] CVE-2021-30551\n https://nvd.nist.gov/vuln/detail/CVE-2021-30551\n[ 20 ] CVE-2022-0789\n https://nvd.nist.gov/vuln/detail/CVE-2022-0789\n[ 21 ] CVE-2022-0790\n https://nvd.nist.gov/vuln/detail/CVE-2022-0790\n[ 22 ] CVE-2022-0791\n https://nvd.nist.gov/vuln/detail/CVE-2022-0791\n[ 23 ] CVE-2022-0792\n https://nvd.nist.gov/vuln/detail/CVE-2022-0792\n[ 24 ] CVE-2022-0793\n https://nvd.nist.gov/vuln/detail/CVE-2022-0793\n[ 25 ] CVE-2022-0794\n https://nvd.nist.gov/vuln/detail/CVE-2022-0794\n[ 26 ] CVE-2022-0795\n https://nvd.nist.gov/vuln/detail/CVE-2022-0795\n[ 27 ] CVE-2022-0796\n https://nvd.nist.gov/vuln/detail/CVE-2022-0796\n[ 28 ] CVE-2022-0797\n https://nvd.nist.gov/vuln/detail/CVE-2022-0797\n[ 29 ] CVE-2022-0798\n https://nvd.nist.gov/vuln/detail/CVE-2022-0798\n[ 30 ] CVE-2022-0799\n https://nvd.nist.gov/vuln/detail/CVE-2022-0799\n[ 31 ] CVE-2022-0800\n 
https://nvd.nist.gov/vuln/detail/CVE-2022-0800\n[ 32 ] CVE-2022-0801\n https://nvd.nist.gov/vuln/detail/CVE-2022-0801\n[ 33 ] CVE-2022-0802\n https://nvd.nist.gov/vuln/detail/CVE-2022-0802\n[ 34 ] CVE-2022-0803\n https://nvd.nist.gov/vuln/detail/CVE-2022-0803\n[ 35 ] CVE-2022-0804\n https://nvd.nist.gov/vuln/detail/CVE-2022-0804\n[ 36 ] CVE-2022-0805\n https://nvd.nist.gov/vuln/detail/CVE-2022-0805\n[ 37 ] CVE-2022-0806\n https://nvd.nist.gov/vuln/detail/CVE-2022-0806\n[ 38 ] CVE-2022-0807\n https://nvd.nist.gov/vuln/detail/CVE-2022-0807\n[ 39 ] CVE-2022-0808\n https://nvd.nist.gov/vuln/detail/CVE-2022-0808\n[ 40 ] CVE-2022-0809\n https://nvd.nist.gov/vuln/detail/CVE-2022-0809\n[ 41 ] CVE-2022-0971\n https://nvd.nist.gov/vuln/detail/CVE-2022-0971\n[ 42 ] CVE-2022-0972\n https://nvd.nist.gov/vuln/detail/CVE-2022-0972\n[ 43 ] CVE-2022-0973\n https://nvd.nist.gov/vuln/detail/CVE-2022-0973\n[ 44 ] CVE-2022-0974\n https://nvd.nist.gov/vuln/detail/CVE-2022-0974\n[ 45 ] CVE-2022-0975\n https://nvd.nist.gov/vuln/detail/CVE-2022-0975\n[ 46 ] CVE-2022-0976\n https://nvd.nist.gov/vuln/detail/CVE-2022-0976\n[ 47 ] CVE-2022-0977\n https://nvd.nist.gov/vuln/detail/CVE-2022-0977\n[ 48 ] CVE-2022-0978\n https://nvd.nist.gov/vuln/detail/CVE-2022-0978\n[ 49 ] CVE-2022-0979\n https://nvd.nist.gov/vuln/detail/CVE-2022-0979\n[ 50 ] CVE-2022-0980\n https://nvd.nist.gov/vuln/detail/CVE-2022-0980\n[ 51 ] CVE-2022-1096\n https://nvd.nist.gov/vuln/detail/CVE-2022-1096\n[ 52 ] CVE-2022-1125\n https://nvd.nist.gov/vuln/detail/CVE-2022-1125\n[ 53 ] CVE-2022-1127\n https://nvd.nist.gov/vuln/detail/CVE-2022-1127\n[ 54 ] CVE-2022-1128\n https://nvd.nist.gov/vuln/detail/CVE-2022-1128\n[ 55 ] CVE-2022-1129\n https://nvd.nist.gov/vuln/detail/CVE-2022-1129\n[ 56 ] CVE-2022-1130\n https://nvd.nist.gov/vuln/detail/CVE-2022-1130\n[ 57 ] CVE-2022-1131\n https://nvd.nist.gov/vuln/detail/CVE-2022-1131\n[ 58 ] CVE-2022-1132\n https://nvd.nist.gov/vuln/detail/CVE-2022-1132\n[ 59 ] CVE-2022-1133\n 
https://nvd.nist.gov/vuln/detail/CVE-2022-1133\n[ 60 ] CVE-2022-1134\n https://nvd.nist.gov/vuln/detail/CVE-2022-1134\n[ 61 ] CVE-2022-1135\n https://nvd.nist.gov/vuln/detail/CVE-2022-1135\n[ 62 ] CVE-2022-1136\n https://nvd.nist.gov/vuln/detail/CVE-2022-1136\n[ 63 ] CVE-2022-1137\n https://nvd.nist.gov/vuln/detail/CVE-2022-1137\n[ 64 ] CVE-2022-1138\n https://nvd.nist.gov/vuln/detail/CVE-2022-1138\n[ 65 ] CVE-2022-1139\n https://nvd.nist.gov/vuln/detail/CVE-2022-1139\n[ 66 ] CVE-2022-1141\n https://nvd.nist.gov/vuln/detail/CVE-2022-1141\n[ 67 ] CVE-2022-1142\n https://nvd.nist.gov/vuln/detail/CVE-2022-1142\n[ 68 ] CVE-2022-1143\n https://nvd.nist.gov/vuln/detail/CVE-2022-1143\n[ 69 ] CVE-2022-1144\n https://nvd.nist.gov/vuln/detail/CVE-2022-1144\n[ 70 ] CVE-2022-1145\n https://nvd.nist.gov/vuln/detail/CVE-2022-1145\n[ 71 ] CVE-2022-1146\n https://nvd.nist.gov/vuln/detail/CVE-2022-1146\n[ 72 ] CVE-2022-1232\n https://nvd.nist.gov/vuln/detail/CVE-2022-1232\n[ 73 ] CVE-2022-1305\n https://nvd.nist.gov/vuln/detail/CVE-2022-1305\n[ 74 ] CVE-2022-1306\n https://nvd.nist.gov/vuln/detail/CVE-2022-1306\n[ 75 ] CVE-2022-1307\n https://nvd.nist.gov/vuln/detail/CVE-2022-1307\n[ 76 ] CVE-2022-1308\n https://nvd.nist.gov/vuln/detail/CVE-2022-1308\n[ 77 ] CVE-2022-1309\n https://nvd.nist.gov/vuln/detail/CVE-2022-1309\n[ 78 ] CVE-2022-1310\n https://nvd.nist.gov/vuln/detail/CVE-2022-1310\n[ 79 ] CVE-2022-1311\n https://nvd.nist.gov/vuln/detail/CVE-2022-1311\n[ 80 ] CVE-2022-1312\n https://nvd.nist.gov/vuln/detail/CVE-2022-1312\n[ 81 ] CVE-2022-1313\n https://nvd.nist.gov/vuln/detail/CVE-2022-1313\n[ 82 ] CVE-2022-1314\n https://nvd.nist.gov/vuln/detail/CVE-2022-1314\n[ 83 ] CVE-2022-1364\n https://nvd.nist.gov/vuln/detail/CVE-2022-1364\n[ 84 ] CVE-2022-1477\n https://nvd.nist.gov/vuln/detail/CVE-2022-1477\n[ 85 ] CVE-2022-1478\n https://nvd.nist.gov/vuln/detail/CVE-2022-1478\n[ 86 ] CVE-2022-1479\n https://nvd.nist.gov/vuln/detail/CVE-2022-1479\n[ 87 ] CVE-2022-1480\n 
https://nvd.nist.gov/vuln/detail/CVE-2022-1480\n[ 88 ] CVE-2022-1481\n https://nvd.nist.gov/vuln/detail/CVE-2022-1481\n[ 89 ] CVE-2022-1482\n https://nvd.nist.gov/vuln/detail/CVE-2022-1482\n[ 90 ] CVE-2022-1483\n https://nvd.nist.gov/vuln/detail/CVE-2022-1483\n[ 91 ] CVE-2022-1484\n https://nvd.nist.gov/vuln/detail/CVE-2022-1484\n[ 92 ] CVE-2022-1485\n https://nvd.nist.gov/vuln/detail/CVE-2022-1485\n[ 93 ] CVE-2022-1486\n https://nvd.nist.gov/vuln/detail/CVE-2022-1486\n[ 94 ] CVE-2022-1487\n https://nvd.nist.gov/vuln/detail/CVE-2022-1487\n[ 95 ] CVE-2022-1488\n https://nvd.nist.gov/vuln/detail/CVE-2022-1488\n[ 96 ] CVE-2022-1489\n https://nvd.nist.gov/vuln/detail/CVE-2022-1489\n[ 97 ] CVE-2022-1490\n https://nvd.nist.gov/vuln/detail/CVE-2022-1490\n[ 98 ] CVE-2022-1491\n https://nvd.nist.gov/vuln/detail/CVE-2022-1491\n[ 99 ] CVE-2022-1492\n https://nvd.nist.gov/vuln/detail/CVE-2022-1492\n[ 100 ] CVE-2022-1493\n https://nvd.nist.gov/vuln/detail/CVE-2022-1493\n[ 101 ] CVE-2022-1494\n https://nvd.nist.gov/vuln/detail/CVE-2022-1494\n[ 102 ] CVE-2022-1495\n https://nvd.nist.gov/vuln/detail/CVE-2022-1495\n[ 103 ] CVE-2022-1496\n https://nvd.nist.gov/vuln/detail/CVE-2022-1496\n[ 104 ] CVE-2022-1497\n https://nvd.nist.gov/vuln/detail/CVE-2022-1497\n[ 105 ] CVE-2022-1498\n https://nvd.nist.gov/vuln/detail/CVE-2022-1498\n[ 106 ] CVE-2022-1499\n https://nvd.nist.gov/vuln/detail/CVE-2022-1499\n[ 107 ] CVE-2022-1500\n https://nvd.nist.gov/vuln/detail/CVE-2022-1500\n[ 108 ] CVE-2022-1501\n https://nvd.nist.gov/vuln/detail/CVE-2022-1501\n[ 109 ] CVE-2022-1633\n https://nvd.nist.gov/vuln/detail/CVE-2022-1633\n[ 110 ] CVE-2022-1634\n https://nvd.nist.gov/vuln/detail/CVE-2022-1634\n[ 111 ] CVE-2022-1635\n https://nvd.nist.gov/vuln/detail/CVE-2022-1635\n[ 112 ] CVE-2022-1636\n https://nvd.nist.gov/vuln/detail/CVE-2022-1636\n[ 113 ] CVE-2022-1637\n https://nvd.nist.gov/vuln/detail/CVE-2022-1637\n[ 114 ] CVE-2022-1639\n https://nvd.nist.gov/vuln/detail/CVE-2022-1639\n[ 115 ] 
CVE-2022-1640\n https://nvd.nist.gov/vuln/detail/CVE-2022-1640\n[ 116 ] CVE-2022-1641\n https://nvd.nist.gov/vuln/detail/CVE-2022-1641\n[ 117 ] CVE-2022-1853\n https://nvd.nist.gov/vuln/detail/CVE-2022-1853\n[ 118 ] CVE-2022-1854\n https://nvd.nist.gov/vuln/detail/CVE-2022-1854\n[ 119 ] CVE-2022-1855\n https://nvd.nist.gov/vuln/detail/CVE-2022-1855\n[ 120 ] CVE-2022-1856\n https://nvd.nist.gov/vuln/detail/CVE-2022-1856\n[ 121 ] CVE-2022-1857\n https://nvd.nist.gov/vuln/detail/CVE-2022-1857\n[ 122 ] CVE-2022-1858\n https://nvd.nist.gov/vuln/detail/CVE-2022-1858\n[ 123 ] CVE-2022-1859\n https://nvd.nist.gov/vuln/detail/CVE-2022-1859\n[ 124 ] CVE-2022-1860\n https://nvd.nist.gov/vuln/detail/CVE-2022-1860\n[ 125 ] CVE-2022-1861\n https://nvd.nist.gov/vuln/detail/CVE-2022-1861\n[ 126 ] CVE-2022-1862\n https://nvd.nist.gov/vuln/detail/CVE-2022-1862\n[ 127 ] CVE-2022-1863\n https://nvd.nist.gov/vuln/detail/CVE-2022-1863\n[ 128 ] CVE-2022-1864\n https://nvd.nist.gov/vuln/detail/CVE-2022-1864\n[ 129 ] CVE-2022-1865\n https://nvd.nist.gov/vuln/detail/CVE-2022-1865\n[ 130 ] CVE-2022-1866\n https://nvd.nist.gov/vuln/detail/CVE-2022-1866\n[ 131 ] CVE-2022-1867\n https://nvd.nist.gov/vuln/detail/CVE-2022-1867\n[ 132 ] CVE-2022-1868\n https://nvd.nist.gov/vuln/detail/CVE-2022-1868\n[ 133 ] CVE-2022-1869\n https://nvd.nist.gov/vuln/detail/CVE-2022-1869\n[ 134 ] CVE-2022-1870\n https://nvd.nist.gov/vuln/detail/CVE-2022-1870\n[ 135 ] CVE-2022-1871\n https://nvd.nist.gov/vuln/detail/CVE-2022-1871\n[ 136 ] CVE-2022-1872\n https://nvd.nist.gov/vuln/detail/CVE-2022-1872\n[ 137 ] CVE-2022-1873\n https://nvd.nist.gov/vuln/detail/CVE-2022-1873\n[ 138 ] CVE-2022-1874\n https://nvd.nist.gov/vuln/detail/CVE-2022-1874\n[ 139 ] CVE-2022-1875\n https://nvd.nist.gov/vuln/detail/CVE-2022-1875\n[ 140 ] CVE-2022-1876\n https://nvd.nist.gov/vuln/detail/CVE-2022-1876\n[ 141 ] CVE-2022-2007\n https://nvd.nist.gov/vuln/detail/CVE-2022-2007\n[ 142 ] CVE-2022-2010\n 
https://nvd.nist.gov/vuln/detail/CVE-2022-2010\n[ 143 ] CVE-2022-2011\n https://nvd.nist.gov/vuln/detail/CVE-2022-2011\n[ 144 ] CVE-2022-2156\n https://nvd.nist.gov/vuln/detail/CVE-2022-2156\n[ 145 ] CVE-2022-2157\n https://nvd.nist.gov/vuln/detail/CVE-2022-2157\n[ 146 ] CVE-2022-2158\n https://nvd.nist.gov/vuln/detail/CVE-2022-2158\n[ 147 ] CVE-2022-2160\n https://nvd.nist.gov/vuln/detail/CVE-2022-2160\n[ 148 ] CVE-2022-2161\n https://nvd.nist.gov/vuln/detail/CVE-2022-2161\n[ 149 ] CVE-2022-2162\n https://nvd.nist.gov/vuln/detail/CVE-2022-2162\n[ 150 ] CVE-2022-2163\n https://nvd.nist.gov/vuln/detail/CVE-2022-2163\n[ 151 ] CVE-2022-2164\n https://nvd.nist.gov/vuln/detail/CVE-2022-2164\n[ 152 ] CVE-2022-2165\n https://nvd.nist.gov/vuln/detail/CVE-2022-2165\n[ 153 ] CVE-2022-22021\n https://nvd.nist.gov/vuln/detail/CVE-2022-22021\n[ 154 ] CVE-2022-24475\n https://nvd.nist.gov/vuln/detail/CVE-2022-24475\n[ 155 ] CVE-2022-24523\n https://nvd.nist.gov/vuln/detail/CVE-2022-24523\n[ 156 ] CVE-2022-26891\n https://nvd.nist.gov/vuln/detail/CVE-2022-26891\n[ 157 ] CVE-2022-26894\n https://nvd.nist.gov/vuln/detail/CVE-2022-26894\n[ 158 ] CVE-2022-26895\n https://nvd.nist.gov/vuln/detail/CVE-2022-26895\n[ 159 ] CVE-2022-26900\n https://nvd.nist.gov/vuln/detail/CVE-2022-26900\n[ 160 ] CVE-2022-26905\n https://nvd.nist.gov/vuln/detail/CVE-2022-26905\n[ 161 ] CVE-2022-26908\n https://nvd.nist.gov/vuln/detail/CVE-2022-26908\n[ 162 ] CVE-2022-26909\n https://nvd.nist.gov/vuln/detail/CVE-2022-26909\n[ 163 ] CVE-2022-26912\n https://nvd.nist.gov/vuln/detail/CVE-2022-26912\n[ 164 ] CVE-2022-29144\n https://nvd.nist.gov/vuln/detail/CVE-2022-29144\n[ 165 ] CVE-2022-29146\n https://nvd.nist.gov/vuln/detail/CVE-2022-29146\n[ 166 ] CVE-2022-29147\n https://nvd.nist.gov/vuln/detail/CVE-2022-29147\n[ 167 ] CVE-2022-30127\n https://nvd.nist.gov/vuln/detail/CVE-2022-30127\n[ 168 ] CVE-2022-30128\n https://nvd.nist.gov/vuln/detail/CVE-2022-30128\n[ 169 ] CVE-2022-30192\n 
https://nvd.nist.gov/vuln/detail/CVE-2022-30192\n[ 170 ] CVE-2022-33638\n https://nvd.nist.gov/vuln/detail/CVE-2022-33638\n[ 171 ] CVE-2022-33639\n https://nvd.nist.gov/vuln/detail/CVE-2022-33639\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-25\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. \n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 99.0.4844.84-1~deb11u1. \n\nWe recommend that you upgrade your chromium packages. 
\n\nFor the detailed security status of chromium please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/chromium\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmJBXaAACgkQEMKTtsN8\nTjbazQ/+IzYVZN+0pj9UBLmTcMNsaUt7Hh0G1D0NsJ8yKbQ6Kan11TcOBvzkQLER\nE5YbdLOfVaY/OZQRRyjtjzc/WwySaC0AKKg76rYd4bo4186szqPrTApKYz+Fb+Tw\n9BCzzYxVQp4nPxcxdMo2PDrCXJg4Ux/ia9dUZFbSZOF8TccxU/1nAB89nS0jCECW\nOhjqKHM4vcpyPF+ztnGT8Lce+wy3TwTQ/CJM3GaKLK3RF8dT9y0Ae6PP902eOw+x\nCKbG9EsqB47K5v7Jrbm7LfaxxF1hs7l3kiaupk5YNxgIlHV0i/dpHT39zhSFEFdZ\n4F2+lpzJpvKjz9kx2iyJcNYScxMTbWKQQrEYrcNFp3wE3vPl4ndASKrOniTta6ub\nH2j0Jp/O0pcQTLrsVTlSPvzVgSqTBjobgsIw4JWBSeDLpaDWNQR/dhxfoCQCUvA4\nSDEby7l+buKPbipoCvupeyk+cQIM+yjXKc0OZDpHGekK8NsViD5rGIVyhKmFvWcC\nPajYlmZu68s49eg14hrpXudTcrLL+fFkKgxI5f0Eat0BLFsW7mFl6cvEzX+ErPKT\n38XlAdtsO7FGq3DerKJhAyWzZbTPBpcXtPvguIytoxl3QXxcNBvcRgeZOjqMeIhW\nQqFsYamZq7zcDKYon9Zljtkz1/ai1viBejcvqJK5DqePtvz4AJA=\n=ZIch\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2022-1096" }, { "db": "JVNDB", "id": "JVNDB-2022-002159" }, { "db": "VULMON", "id": "CVE-2022-1096" }, { "db": "PACKETSTORM", "id": "166544" }, { "db": "PACKETSTORM", "id": "168075" }, { "db": "PACKETSTORM", "id": "169350" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-1096", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-22-209-01", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU93834764", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-002159", "trust": 0.8 }, { 
"db": "PACKETSTORM", "id": "166544", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2022.3702", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1337", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1294", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022032827", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022032601", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022032912", "trust": 0.6 }, { "db": "CXSECURITY", "id": "WLB-2022060052", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202203-2278", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-1096", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168075", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169350", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-1096" }, { "db": "JVNDB", "id": "JVNDB-2022-002159" }, { "db": "PACKETSTORM", "id": "166544" }, { "db": "PACKETSTORM", "id": "168075" }, { "db": "PACKETSTORM", "id": "169350" }, { "db": "CNNVD", "id": "CNNVD-202203-2278" }, { "db": "NVD", "id": "CVE-2022-1096" } ] }, "id": "VAR-202203-1921", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.544312185 }, "last_update_date": "2024-08-14T13:06:34.631000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Product\u00a0Compatibility\u00a0\u0026\u00a0Download\u00a0Center\u00a0from\u00a0Rockwell\u00a0Automation Rockwell\u00a0Automation", "trust": 0.8, "url": "https://compatibility.rockwellautomation.com/Pages/Home.aspx" }, { "title": "Google Chrome Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=186884" }, { "title": "Debian Security Advisories: 
DSA-5110-1 chromium -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=e9e9ba88a881ad0a39b9244f299b6a5e" }, { "title": "Google Chrome: Stable Channel Update for Desktop", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=chrome_releases\u0026qid=9e48fc90e4efa33ae51fdb4506bde295" }, { "title": "cve-2022-1096", "trust": 0.1, "url": "https://github.com/git-cve-updater/cve-2022-1096 " }, { "title": "Chrome-and-Edge-Version-Dumper", "trust": 0.1, "url": "https://github.com/Maverick-cmd/Chrome-and-Edge-Version-Dumper " }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/google-chrome-bug-actively-exploited-zero-day/179161/" }, { "title": "BleepingComputer", "trust": 0.1, "url": "https://www.bleepingcomputer.com/news/security/emergency-google-chrome-update-fixes-zero-day-used-in-attacks/" }, { "title": "The Register", "trust": 0.1, "url": "https://www.theregister.co.uk/2022/03/28/google_chromium_exploit/" }, { "title": "The Register", "trust": 0.1, "url": "https://www.theregister.co.uk/2022/04/15/google-third-fix-chrome-vulnerability/" }, { "title": "BleepingComputer", "trust": 0.1, "url": "https://www.bleepingcomputer.com/news/security/cisa-warns-orgs-to-patch-actively-exploited-chrome-redis-bugs/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2022-1096" }, { "db": "JVNDB", "id": "JVNDB-2022-002159" }, { "db": "CNNVD", "id": "CNNVD-202203-2278" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-843", "trust": 1.0 }, { "problemtype": "Mistake of type (CWE-843) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002159" }, { "db": "NVD", "id": "CVE-2022-1096" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { 
"@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html" }, { "trust": 1.7, "url": "https://security.gentoo.org/glsa/202208-25" }, { "trust": 1.6, "url": "https://crbug.com/1309225" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1096" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu93834764/index.html" }, { "trust": 0.8, "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "trust": 0.8, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-209-01" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/167516/chrome-cve-2022-1096-incomplete-fix.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.3702" }, { "trust": 0.6, "url": "https://cxsecurity.com/issue/wlb-2022060052" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022032827" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1294" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-1096/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/166544/ubuntu-security-notice-usn-5350-1.html" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-209-01" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022032601" }, { "trust": 0.6, "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2022-1096" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022032912" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/chrome-memory-corruption-via-v8-37881" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1337" }, { "trust": 0.1, "url": "https://threatpost.com/google-chrome-bug-actively-exploited-zero-day/179161/" }, { "trust": 0.1, "url": 
"https://github.com/git-cve-updater/cve-2022-1096" }, { "trust": 0.1, "url": "https://www.debian.org/security/2022/dsa-5110" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/chromium-browser/99.0.4844.84-0ubuntu0.18.04.1" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-5350-1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1136" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1138" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1501" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1129" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1489" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1490" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1861" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0797" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1480" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4058" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0975" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1633" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0971" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1500" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0972" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29144" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29147" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0978" }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1876" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1128" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0977" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2022-2156" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1858" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0808" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4067" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1863" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1641" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1866" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1871" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1146" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1487" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1637" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0801" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26895" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1873" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0807" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4059" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4062" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0791" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26891" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2157" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0976" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4055" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0798" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0803" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4057" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1144" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2022-1483" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26912" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0979" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26900" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1495" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1484" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30128" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1497" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1143" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4068" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4063" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0792" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0980" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0794" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1493" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1486" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1867" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2165" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1310" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0789" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1485" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-33638" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1498" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4066" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1865" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0806" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2022-1491" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1853" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1313" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1857" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1870" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1127" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1875" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1125" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0809" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-33639" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26894" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26909" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1130" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2010" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1635" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1135" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1868" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1856" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1232" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29146" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24475" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4052" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1488" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1478" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1312" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4053" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1477" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1636" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1639" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2164" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4078" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1479" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1308" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1869" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2011" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30127" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4061" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0790" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1862" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1145" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1854" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2007" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1859" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1132" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30551" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0802" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2022-1482" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1634" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1142" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1499" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4079" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0973" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1864" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0974" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1131" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1309" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22021" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1481" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1492" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0795" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4056" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-30192" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-24523" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1306" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1134" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1139" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1305" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1311" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1307" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0799" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26905" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2162" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2022-0796" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1496" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1133" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1855" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1141" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1860" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1494" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4054" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0804" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1872" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1874" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0805" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4065" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1314" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0793" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1640" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-26908" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-4064" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-0800" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2158" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1137" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1364" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/chromium" }, { "trust": 0.1, "url": "https://www.debian.org/security/" } ], "sources": [ 
{ "db": "VULMON", "id": "CVE-2022-1096" }, { "db": "JVNDB", "id": "JVNDB-2022-002159" }, { "db": "PACKETSTORM", "id": "166544" }, { "db": "PACKETSTORM", "id": "168075" }, { "db": "PACKETSTORM", "id": "169350" }, { "db": "CNNVD", "id": "CNNVD-202203-2278" }, { "db": "NVD", "id": "CVE-2022-1096" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2022-1096" }, { "db": "JVNDB", "id": "JVNDB-2022-002159" }, { "db": "PACKETSTORM", "id": "166544" }, { "db": "PACKETSTORM", "id": "168075" }, { "db": "PACKETSTORM", "id": "169350" }, { "db": "CNNVD", "id": "CNNVD-202203-2278" }, { "db": "NVD", "id": "CVE-2022-1096" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-08-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-002159" }, { "date": "2022-03-30T14:48:41", "db": "PACKETSTORM", "id": "166544" }, { "date": "2022-08-15T16:03:09", "db": "PACKETSTORM", "id": "168075" }, { "date": "2022-03-28T19:12:00", "db": "PACKETSTORM", "id": "169350" }, { "date": "2022-03-25T00:00:00", "db": "CNNVD", "id": "CNNVD-202203-2278" }, { "date": "2022-07-23T00:15:08.333000", "db": "NVD", "id": "CVE-2022-1096" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-06-13T06:18:00", "db": "JVNDB", "id": "JVNDB-2022-002159" }, { "date": "2022-08-16T00:00:00", "db": "CNNVD", "id": "CNNVD-202203-2278" }, { "date": "2022-10-27T22:50:00.437000", "db": "NVD", "id": "CVE-2022-1096" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "168075" }, { "db": "CNNVD", 
"id": "CNNVD-202203-2278" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural \u00a0Rockwell\u00a0Automation\u00a0 Type mix-up vulnerabilities in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002159" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202203-2278" } ], "trust": 0.6 } }
var-202204-1280
Vulnerability from variot
Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 through v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior (for Trusted Controllers)) do not limit the objects that can be deserialized. This allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in arbitrary code execution. This vulnerability requires user interaction to be successfully exploited. ISaGRAF, provided by Rockwell Automation, is vulnerable to deserialization of untrusted data (CWE-502, CVE-2022-1118). If a user opens a specially crafted, malicious file, an attacker may be able to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CCWARC files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202204-1280", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "connected components workbench", "scope": null, "trust": 3.6, "vendor": "rockwell automation", "version": null }, { "model": "isagraf workbench", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "6.6.9" }, { "model": "isagraf workbench", "scope": "gte", "trust": 1.0, "vendor": "rockwellautomation", "version": 
"6.0" }, { "model": "connected component workbench", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "13.00.00" }, { "model": "safety instrumented systems workstation", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "1.2" }, { "model": "isagraf workbench", "scope": null, "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": "safety instrumented systems workstation", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "v1.2 and earlier (trusted controller for )" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-589" }, { "db": "ZDI", "id": "ZDI-22-588" }, { "db": "ZDI", "id": "ZDI-22-587" }, { "db": "ZDI", "id": "ZDI-22-586" }, { "db": "JVNDB", "id": "JVNDB-2022-001527" }, { "db": "NVD", "id": "CVE-2022-1118" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "kimiya", "sources": [ { "db": "ZDI", "id": "ZDI-22-589" }, { "db": "ZDI", "id": "ZDI-22-588" }, { "db": "ZDI", "id": "ZDI-22-587" }, { "db": "ZDI", "id": "ZDI-22-586" } ], "trust": 2.8 }, "cve": "CVE-2022-1118", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", 
"author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2022-1118", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-418892", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2022-1118", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.8, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2022-1118", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ics-cert@hq.dhs.gov", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2022-1118", "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, 
"userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "OTHER", "availabilityImpact": "High", "baseScore": 8.6, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2022-001527", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "CVE-2022-1118", "trust": 2.8, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2022-1118", "trust": 1.0, "value": "HIGH" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2022-1118", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2022-1118", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202204-2525", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-418892", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2022-1118", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-589" }, { "db": "ZDI", "id": "ZDI-22-588" }, { "db": "ZDI", "id": "ZDI-22-587" }, { "db": "ZDI", "id": "ZDI-22-586" }, { "db": "VULHUB", "id": "VHN-418892" }, { "db": "VULMON", "id": "CVE-2022-1118" }, { "db": "JVNDB", "id": "JVNDB-2022-001527" }, { "db": "CNNVD", "id": "CNNVD-202204-2525" }, { "db": "NVD", "id": "CVE-2022-1118" }, { "db": "NVD", "id": "CVE-2022-1118" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 though v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior (for Trusted Controllers)) do not limit the objects that can be 
deserialized. This allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in arbitrary code execution. This vulnerability requires user interaction to be successfully exploited. Rockwell Automation Provided by ISaGRAF Deserialization of untrusted data ( CWE-502 , CVE-2022-1118 ) Is vulnerable.By opening a specially crafted, malicious file, an attacker may be able to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of CCWARC files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process", "sources": [ { "db": "NVD", "id": "CVE-2022-1118" }, { "db": "JVNDB", "id": "JVNDB-2022-001527" }, { "db": "ZDI", "id": "ZDI-22-589" }, { "db": "ZDI", "id": "ZDI-22-588" }, { "db": "ZDI", "id": "ZDI-22-587" }, { "db": "ZDI", "id": "ZDI-22-586" }, { "db": "VULHUB", "id": "VHN-418892" }, { "db": "VULMON", "id": "CVE-2022-1118" } ], "trust": 4.32 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-1118", "trust": 6.2 }, { "db": "ICS CERT", "id": "ICSA-22-095-01", "trust": 2.6 }, { "db": "ZDI", "id": "ZDI-22-589", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU99485677", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-001527", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-15176", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-15175", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-588", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-15174", "trust": 0.7 }, { "db": 
"ZDI", "id": "ZDI-22-587", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-15173", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-586", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022040601", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202204-2525", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-418892", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2022-1118", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-589" }, { "db": "ZDI", "id": "ZDI-22-588" }, { "db": "ZDI", "id": "ZDI-22-587" }, { "db": "ZDI", "id": "ZDI-22-586" }, { "db": "VULHUB", "id": "VHN-418892" }, { "db": "VULMON", "id": "CVE-2022-1118" }, { "db": "JVNDB", "id": "JVNDB-2022-001527" }, { "db": "CNNVD", "id": "CNNVD-202204-2525" }, { "db": "NVD", "id": "CVE-2022-1118" } ] }, "id": "VAR-202204-1280", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-418892" } ], "trust": 0.58214287 }, "last_update_date": "2024-11-23T22:29:01.209000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Rockwell Automation has issued an update to correct this vulnerability.", "trust": 2.8, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-095-01" }, { "title": "Connected\u00a0Components\u00a0Workbench\u00a020.00.00 Rockwell\u00a0Automation", "trust": 0.8, "url": "https://compatibility.rockwellautomation.com/Pages/MultiProductFindDownloads.aspx?crumb=112\u0026mode=3\u0026refSoft=1\u0026versions=59954" }, { "title": "Rockwell Automation Connected Components Workbench Fixes for code issue vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=198460" }, { "title": "cve-2022-1118", "trust": 0.1, "url": 
"https://github.com/git-cve-updater/cve-2022-1118 " } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-589" }, { "db": "ZDI", "id": "ZDI-22-588" }, { "db": "ZDI", "id": "ZDI-22-587" }, { "db": "ZDI", "id": "ZDI-22-586" }, { "db": "VULMON", "id": "CVE-2022-1118" }, { "db": "JVNDB", "id": "JVNDB-2022-001527" }, { "db": "CNNVD", "id": "CNNVD-202204-2525" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-502", "trust": 1.1 }, { "problemtype": "Deserialization of untrusted data (CWE-502) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-418892" }, { "db": "JVNDB", "id": "JVNDB-2022-001527" }, { "db": "NVD", "id": "CVE-2022-1118" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 5.5, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-095-01" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu99485677/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-1118" }, { "trust": 0.7, "url": "https://www.zerodayinitiative.com/advisories/zdi-22-589/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-095-01" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-1118/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022040601" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/502.html" }, { "trust": 0.1, "url": "https://github.com/git-cve-updater/cve-2022-1118" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-589" }, { "db": "ZDI", "id": "ZDI-22-588" }, { "db": "ZDI", "id": "ZDI-22-587" }, { "db": "ZDI", "id": "ZDI-22-586" }, { 
"db": "VULHUB", "id": "VHN-418892" }, { "db": "VULMON", "id": "CVE-2022-1118" }, { "db": "JVNDB", "id": "JVNDB-2022-001527" }, { "db": "CNNVD", "id": "CNNVD-202204-2525" }, { "db": "NVD", "id": "CVE-2022-1118" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-589" }, { "db": "ZDI", "id": "ZDI-22-588" }, { "db": "ZDI", "id": "ZDI-22-587" }, { "db": "ZDI", "id": "ZDI-22-586" }, { "db": "VULHUB", "id": "VHN-418892" }, { "db": "VULMON", "id": "CVE-2022-1118" }, { "db": "JVNDB", "id": "JVNDB-2022-001527" }, { "db": "CNNVD", "id": "CNNVD-202204-2525" }, { "db": "NVD", "id": "CVE-2022-1118" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-04-08T00:00:00", "db": "ZDI", "id": "ZDI-22-589" }, { "date": "2022-04-08T00:00:00", "db": "ZDI", "id": "ZDI-22-588" }, { "date": "2022-04-08T00:00:00", "db": "ZDI", "id": "ZDI-22-587" }, { "date": "2022-04-08T00:00:00", "db": "ZDI", "id": "ZDI-22-586" }, { "date": "2022-05-17T00:00:00", "db": "VULHUB", "id": "VHN-418892" }, { "date": "2022-05-17T00:00:00", "db": "VULMON", "id": "CVE-2022-1118" }, { "date": "2022-04-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-001527" }, { "date": "2022-04-05T00:00:00", "db": "CNNVD", "id": "CNNVD-202204-2525" }, { "date": "2022-05-17T20:15:08.173000", "db": "NVD", "id": "CVE-2022-1118" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-04-08T00:00:00", "db": "ZDI", "id": "ZDI-22-589" }, { "date": "2022-04-08T00:00:00", "db": "ZDI", "id": "ZDI-22-588" }, { "date": "2022-04-08T00:00:00", "db": "ZDI", "id": "ZDI-22-587" }, { "date": "2022-04-08T00:00:00", "db": "ZDI", "id": "ZDI-22-586" }, { "date": "2022-05-26T00:00:00", "db": "VULHUB", "id": 
"VHN-418892" }, { "date": "2022-05-26T00:00:00", "db": "VULMON", "id": "CVE-2022-1118" }, { "date": "2024-06-18T08:48:00", "db": "JVNDB", "id": "JVNDB-2022-001527" }, { "date": "2022-07-01T00:00:00", "db": "CNNVD", "id": "CNNVD-202204-2525" }, { "date": "2024-11-21T06:40:05.017000", "db": "NVD", "id": "CVE-2022-1118" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202204-2525" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rockwell Automation Connected Components Workbench CCWARC File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-22-589" }, { "db": "ZDI", "id": "ZDI-22-588" }, { "db": "ZDI", "id": "ZDI-22-587" }, { "db": "ZDI", "id": "ZDI-22-586" } ], "trust": 2.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202204-2525" } ], "trust": 0.6 } }
var-202204-1715
Vulnerability from variot
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ccwsln files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202204-1715", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "connected components workbench", "scope": null, "trust": 0.7, "vendor": "rockwell automation", "version": null } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-585" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": 
{ "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "kimiya", "sources": [ { "db": "ZDI", "id": "ZDI-22-585" } ], "trust": 0.7 }, "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "ZDI", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "ZDI-22-585", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "REQUIRED", "vectorString": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "ZDI", "id": "ZDI-22-585", "trust": 0.7, "value": "MEDIUM" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-585" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Rockwell Automation Connected Components Workbench. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of ccwsln files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process.", "sources": [ { "db": "ZDI", "id": "ZDI-22-585" } ], "trust": 0.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ZDI_CAN", "id": "ZDI-CAN-15179", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-22-585", "trust": 0.7 } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-585" } ] }, "id": "VAR-202204-1715", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.5 }, "last_update_date": "2022-05-17T02:02:17.100000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Rockwell Automation has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-01" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-585" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 0.7, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-088-01" } ], "sources": [ { "db": "ZDI", "id": "ZDI-22-585" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-22-585" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-04-05T00:00:00", "db": "ZDI", "id": "ZDI-22-585" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-04-05T00:00:00", "db": "ZDI", "id": "ZDI-22-585" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rockwell Automation Connected Components Workbench ccwsln File Parsing XML External Entity Processing Information Disclosure Vulnerability", "sources": [ { "db": "ZDI", "id": "ZDI-22-585" } ], "trust": 0.7 } }
var-202006-0317
Vulnerability from variot
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later, Studio 5000 Logix Designer software: Version 32 and prior are vulnerable. An exposed API call allows users to provide files to be processed without sanitization. This may allow an attacker to specify a filename to execute unauthorized code and modify files or data. The following multiple vulnerabilities exist in the FactoryTalk Linx software provided by Rockwell Automation. * Improper input validation (CWE-20) - CVE-2020-11999 * Improper input validation (CWE-20) - CVE-2020-12001 * Directory traversal (CWE-22) - CVE-2020-12003 * Unrestricted file upload (CWE-434) - CVE-2020-12005 The expected impact depends on each vulnerability, but may be as follows. * A remote third party may execute arbitrary code or tamper with files or data because files supplied during an API call are not properly sanitized. - CVE-2020-11999 * Because specially crafted files are not properly sanitized, a remote third party may steal sensitive information or execute arbitrary code. - CVE-2020-12001 * A remote third party may steal sensitive information from the local hard drive because a specially crafted request is not properly sanitized during an API call. - CVE-2020-12003 * A remote third party may upload an improperly compressed EDF file; when the file is decompressed, all CPU resources are consumed and a denial-of-service (DoS) condition interrupts service operation. - CVE-2020-12005. Rockwell Automation RSLinx Classic and others are products of Rockwell Automation (USA). Rockwell Automation RSLinx Classic is a set of industrial communication solutions. 
Rockwell Automation ControlFLASH is a firmware update utility
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0317", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "rslinx classic", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "4.11.00" }, { "model": "factorytalk linx", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": "6.10" }, { "model": "factorytalk linx", "scope": 
"eq", "trust": 1.0, "vendor": "rockwellautomation", "version": "6.11" }, { "model": "factorytalk linx", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": "6.00" }, { "model": "connected components workbench", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 12" }, { "model": "controlflash", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 14 \u304a\u3088\u3073\u305d\u308c" }, { "model": "controlflash plus", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 1 \u304a\u3088\u3073\u305d\u308c" }, { "model": "factorytalk asset centre", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 9 \u304a\u3088\u3073\u305d\u308c" }, { "model": "factorytalk linx", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 6.00, 6.10, 6.11" }, { "model": "factorytalk linx commdtm", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 1 \u304a\u3088\u3073\u305d\u308c" }, { "model": "studio 5000 launcher", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 31 \u304a\u3088\u3073\u305d\u308c" }, { "model": "studio 5000 logix designer", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "software version 32" }, { "model": "automation rslinx classic", "scope": "lte", "trust": 0.6, "vendor": "rockwell", "version": "\u003c=4.11.00" }, { "model": "automation factorytalk linx", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "6.00" }, { "model": "automation factorytalk linx", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "6.10" }, { "model": "automation factorytalk linx", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "6.11" }, { "model": "automation connected components workbench", "scope": "lte", "trust": 0.6, "vendor": "rockwell", "version": "\u003c=12" }, { "model": "automation controlflash", 
"scope": "lte", "trust": 0.6, "vendor": "rockwell", "version": "\u003c=14" }, { "model": "automation controlflash plus", "scope": "lte", "trust": 0.6, "vendor": "rockwell", "version": "\u003c=1" }, { "model": "automation factorytalk asset centre", "scope": "lte", "trust": 0.6, "vendor": "rockwell", "version": "\u003c=9" }, { "model": "automation factorytalk linx commdtm", "scope": "lte", "trust": 0.6, "vendor": "rockwell", "version": "\u003c=1" }, { "model": "automation studio launcher", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "5000\u003c=31" }, { "model": "automation studio logix designer software", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "5000\u003c=32" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-38696" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "NVD", "id": "CVE-2020-11999" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:rockwellautomation:connected_components_workbench", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:controlflash", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:controlflash_plus", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:factorytalk_asset_centre", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:factorytalk_linx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:factorytalk_linx_commdtm", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:studio_5000_launcher", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:studio_5000_logix_designer", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005434" } ] }, "credits": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sharon Brizinov and Amir Preminger (VP Research) of Claroty", "sources": [ { "db": "CNNVD", "id": "CNNVD-202006-918" } ], "trust": 0.6 }, "cve": "CVE-2020-11999", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CVE-2020-11999", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.0, "id": "CNVD-2020-38696", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", 
"exploitabilityScore": 8.0, "id": "VHN-164633", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2020-11999", "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA score", "availabilityImpact": "None", "baseScore": 9.6, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-005434", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Changed", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA score", "availabilityImpact": "None", "baseScore": 9.6, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-005434", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Changed", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA score", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-005434", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", 
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA score", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-005434", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "IPA", "id": "JVNDB-2020-005434", "trust": 1.6, "value": "Critical" }, { "author": "IPA", "id": "JVNDB-2020-005434", "trust": 1.6, "value": "High" }, { "author": "nvd@nist.gov", "id": "CVE-2020-11999", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2020-38696", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202006-918", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-164633", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-38696" }, { "db": "VULHUB", "id": "VHN-164633" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "CNNVD", "id": "CNNVD-202006-918" }, { "db": "NVD", "id": "CVE-2020-11999" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix 
Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to specify a filename to execute unauthorized code and modify files or data. Rockwell Automation Provided by the company FactoryTalk Linx Software The following multiple vulnerabilities exist in. * Improper input confirmation (CWE-20) - CVE-2020-11999 * Improper input confirmation (CWE-20) - CVE-2020-12001 * Directory traversal (CWE-22) - CVE-2020-12003 * Upload any file (CWE-434) - CVE-2020-12005The expected impact depends on each vulnerability, but it may be affected as follows. * API Arbitrary code may be executed or files or data may be tampered with by a remote third party because arbitrary files are not properly sanitized during a call. - CVE-2020-11999 * Proper sanitization of specially crafted files can lead to sensitive information being stolen or arbitrary code being executed by a remote third party. - CVE-2020-12001 * API Sensitive information on the local hard drive is stolen by a remote third party because it does not properly sanitize the specially crafted request during the call. - CVE-2020-12003 * Improperly compressed by a remote third party EDF By uploading the file, the compressed file can be decompressed. CPU All resources are consumed and service operation is interrupted (DoS) The condition is triggered - CVE-2020-12005. Rockwell Automation RSLinx Classic and others are products of Rockwell Automation (USA). Rockwell Automation RSLinx Classic is a set of industrial communication solutions. 
Rockwell Automation ControlFLASH is a firmware update utility", "sources": [ { "db": "NVD", "id": "CVE-2020-11999" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "CNVD", "id": "CNVD-2020-38696" }, { "db": "VULHUB", "id": "VHN-164633" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-11999", "trust": 3.1 }, { "db": "ICS CERT", "id": "ICSA-20-163-02", "trust": 3.1 }, { "db": "JVN", "id": "JVNVU91454414", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-005434", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-38696", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202006-918", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.2062", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-164633", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-38696" }, { "db": "VULHUB", "id": "VHN-164633" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "CNNVD", "id": "CNNVD-202006-918" }, { "db": "NVD", "id": "CVE-2020-11999" } ] }, "id": "VAR-202006-0317", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-38696" }, { "db": "VULHUB", "id": "VHN-164633" } ], "trust": 1.4670862077777778 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-38696" } ] }, "last_update_date": "2024-11-23T22:16:26.664000Z", "patch": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "54102-Industrial Security Advisory Index (\u8981\u30ed\u30b0\u30a4\u30f3)", "trust": 0.8, "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/54102" }, { "title": "Patch for Multiple Rockwell Automation product input validation error vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/225409" }, { "title": "Multiple Rockwell Automation Product input verification error vulnerability fixes", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122477" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-38696" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "CNNVD", "id": "CNNVD-202006-918" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-164633" }, { "db": "NVD", "id": "CVE-2020-11999" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-163-02" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11999" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12003" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12005" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11999" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12001" }, { 
"trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91454414/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12001" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12003" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12005" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2062/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-38696" }, { "db": "VULHUB", "id": "VHN-164633" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "CNNVD", "id": "CNNVD-202006-918" }, { "db": "NVD", "id": "CVE-2020-11999" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-38696" }, { "db": "VULHUB", "id": "VHN-164633" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "CNNVD", "id": "CNNVD-202006-918" }, { "db": "NVD", "id": "CVE-2020-11999" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-14T00:00:00", "db": "CNVD", "id": "CNVD-2020-38696" }, { "date": "2020-06-15T00:00:00", "db": "VULHUB", "id": "VHN-164633" }, { "date": "2020-06-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "date": "2020-06-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202006-918" }, { "date": "2020-06-15T20:15:11.223000", "db": "NVD", "id": "CVE-2020-11999" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-14T00:00:00", "db": "CNVD", "id": "CNVD-2020-38696" }, { "date": "2020-06-24T00:00:00", "db": "VULHUB", "id": "VHN-164633" }, { "date": "2020-07-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "date": "2020-06-30T00:00:00", "db": "CNNVD", "id": "CNNVD-202006-918" }, { "date": "2024-11-21T04:59:05.213000", "db": "NVD", "id": "CVE-2020-11999" 
} ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202006-918" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rockwell Automation Made FactoryTalk Linx Software Multiple vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005434" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202006-918" } ], "trust": 0.6 } }
var-201411-0420
Vulnerability from variot
Rockwell Automation Connected Components Workbench (CCW) before 7.00.00 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an invalid property value to an ActiveX control that was built with an outdated compiler. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the RA.ViewElements.Grid.1 ActiveXControl method. By providing a malicious value to the LeftXOffset property, an attacker can write a four-byte null value to an arbitrary location. An attacker could use this to execute arbitrary code in the context of the browser. Rockwell Automation CCW is an HMI editor and component-level industrial product for designing and configuring applications and implementing microcontrollers. Failed exploit attempts will likely result in denial-of-service conditions. Rockwell Automation CCW 6.01.00 and prior are vulnerable. The software can be used for controller programming and device configuration, and is integrated with an HMI editor to further simplify stand-alone device programming. A security vulnerability exists in Rockwell Automation CCW versions prior to 7.00.00 because the program uses an older version of the compiler to create custom ActiveX components.
Show details on source website{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "connected components workbench", "scope": null, "trust": 1.4, "vendor": "rockwell automation", "version": null }, { "_id": null, "model": "connected components workbench", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "6.01.00" }, { "_id": null, "model": "connected components workbench", "scope": "lt", "trust": 0.8, "vendor": "rockwell automation", "version": "7.00.00" }, { "_id": null, "model": "software rockwell automation ccw", "scope": "lte", "trust": 0.6, "vendor": "rockwell", "version": "\u003c=6.01.00" }, { "_id": null, "model": "connected components workbench", "scope": "eq", "trust": 0.6, "vendor": "rockwellautomation", "version": "6.01.00" }, { "_id": null, "model": null, "scope": "eq", "trust": 0.2, "vendor": "connected components workbench", "version": "*" } ], "sources": [ { "db": "IVD", "id": "b9014a1c-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-384" }, { "db": "ZDI", "id": "ZDI-14-383" }, { "db": "CNVD", "id": "CNVD-2014-08308" }, { "db": "JVNDB", "id": "JVNDB-2014-005454" }, { "db": "CNNVD", "id": "CNNVD-201411-206" }, { "db": "NVD", "id": "CVE-2014-5424" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:rockwellautomation:connected_components_workbench", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-005454" } ] }, "credits": { "_id": null, "data": "Andrea Micalizzi (rgod)", "sources": [ { "db": "ZDI", "id": "ZDI-14-384" }, { "db": "ZDI", "id": "ZDI-14-383" } ], "trust": 1.4 }, "cve": "CVE-2014-5424", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": 
"CVE-2014-5424", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 3.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-08308", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "b9014a1c-2351-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-73365", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "CVE-2014-5424", "trust": 1.4, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2014-5424", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2014-5424", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2014-08308", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201411-206", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "b9014a1c-2351-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-73365", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": 
"b9014a1c-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-384" }, { "db": "ZDI", "id": "ZDI-14-383" }, { "db": "CNVD", "id": "CNVD-2014-08308" }, { "db": "VULHUB", "id": "VHN-73365" }, { "db": "JVNDB", "id": "JVNDB-2014-005454" }, { "db": "CNNVD", "id": "CNNVD-201411-206" }, { "db": "NVD", "id": "CVE-2014-5424" } ] }, "description": { "_id": null, "data": "Rockwell Automation Connected Components Workbench (CCW) before 7.00.00 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an invalid property value to an ActiveX control that was built with an outdated compiler. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the RA.ViewElements.Grid.1 ActiveXControl method. By providing a malicious value to the LeftXOffset property, an attacker can write a four byte null value to an arbitrary location. An attacker could use this to execute arbitrary code in the context of the browser. Rockwell Automation CCW is an HMI editor and component-level industrial product for designing and configuring applications and implementing microcontrollers. Failed exploit attempts will likely result in denial-of-service conditions. \nRockwell Automation CCW 6.01.00 and prior are vulnerable. The software can be used for controller programming and device configuration, and is integrated with an HMI editor to further simplify stand-alone device programming. 
A security vulnerability exists in Rockwell Automation CCW versions prior to 7.00.00 due to the program using an older version of the compiler to create custom ActiveX components", "sources": [ { "db": "NVD", "id": "CVE-2014-5424" }, { "db": "JVNDB", "id": "JVNDB-2014-005454" }, { "db": "ZDI", "id": "ZDI-14-384" }, { "db": "ZDI", "id": "ZDI-14-383" }, { "db": "CNVD", "id": "CNVD-2014-08308" }, { "db": "BID", "id": "71052" }, { "db": "IVD", "id": "b9014a1c-2351-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-73365" } ], "trust": 3.96 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2014-5424", "trust": 5.0 }, { "db": "ICS CERT", "id": "ICSA-14-294-01", "trust": 3.1 }, { "db": "BID", "id": "71052", "trust": 1.0 }, { "db": "CNVD", "id": "CNVD-2014-08308", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201411-206", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-005454", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2418", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-384", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-2417", "trust": 0.7 }, { "db": "ZDI", "id": "ZDI-14-383", "trust": 0.7 }, { "db": "IVD", "id": "B9014A1C-2351-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-73365", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "b9014a1c-2351-11e6-abef-000c29c66e3d" }, { "db": "ZDI", "id": "ZDI-14-384" }, { "db": "ZDI", "id": "ZDI-14-383" }, { "db": "CNVD", "id": "CNVD-2014-08308" }, { "db": "VULHUB", "id": "VHN-73365" }, { "db": "BID", "id": "71052" }, { "db": "JVNDB", "id": "JVNDB-2014-005454" }, { "db": "CNNVD", "id": "CNNVD-201411-206" }, { "db": "NVD", "id": "CVE-2014-5424" } ] }, "id": "VAR-201411-0420", "iot": { "_id": null, "data": true, "sources": [ { "db": "IVD", "id": "b9014a1c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-08308" }, { "db": "VULHUB", "id": "VHN-73365" } ], "trust": 1.6410714350000002 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], 
"sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "b9014a1c-2351-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2014-08308" } ] }, "last_update_date": "2024-11-23T22:52:49.754000Z", "patch": { "_id": null, "data": [ { "title": "Rockwell Automation has issued an update to correct this vulnerability.", "trust": 1.4, "url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-294-01" }, { "title": "Top Page", "trust": 0.8, "url": "http://www.rockwellautomation.com/" }, { "title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8", "trust": 0.8, "url": "http://www.rockwellautomation.com/jpn/overview.page" }, { "title": "Rockwell Automation Connected Components Workbench has multiple patches for arbitrary code execution vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/51910" }, { "title": "7.00.00-CCW-Std-DVD-PartD", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52441" }, { "title": "7.00.00-CCW-Std-DVD-PartC", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52440" }, { "title": "7.00.00-CCW-Std-DVD-PartG", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52444" }, { "title": "7.00.00-CCW-Std-DVD-PartB", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52439" }, { "title": "7.00.00-CCW-Std-DVD-PartF", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52443" }, { "title": "7.00.00-CCW-Std-DVD-PartA", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52438" }, { "title": "7.00.00-CCW-Std-DVD-PartE", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52442" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-384" }, { "db": "ZDI", "id": "ZDI-14-383" }, { "db": "CNVD", "id": "CNVD-2014-08308" }, { "db": "JVNDB", "id": "JVNDB-2014-005454" }, { "db": "CNNVD", "id": "CNNVD-201411-206" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-264", "trust": 1.9 } ], "sources": 
[ { "db": "VULHUB", "id": "VHN-73365" }, { "db": "JVNDB", "id": "JVNDB-2014-005454" }, { "db": "NVD", "id": "CVE-2014-5424" } ] }, "references": { "_id": null, "data": [ { "trust": 4.5, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-294-01" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5424" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5424" } ], "sources": [ { "db": "ZDI", "id": "ZDI-14-384" }, { "db": "ZDI", "id": "ZDI-14-383" }, { "db": "CNVD", "id": "CNVD-2014-08308" }, { "db": "VULHUB", "id": "VHN-73365" }, { "db": "JVNDB", "id": "JVNDB-2014-005454" }, { "db": "CNNVD", "id": "CNNVD-201411-206" }, { "db": "NVD", "id": "CVE-2014-5424" } ] }, "sources": { "_id": null, "data": [ { "db": "IVD", "id": "b9014a1c-2351-11e6-abef-000c29c66e3d", "ident": null }, { "db": "ZDI", "id": "ZDI-14-384", "ident": null }, { "db": "ZDI", "id": "ZDI-14-383", "ident": null }, { "db": "CNVD", "id": "CNVD-2014-08308", "ident": null }, { "db": "VULHUB", "id": "VHN-73365", "ident": null }, { "db": "BID", "id": "71052", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2014-005454", "ident": null }, { "db": "CNNVD", "id": "CNNVD-201411-206", "ident": null }, { "db": "NVD", "id": "CVE-2014-5424", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2014-11-17T00:00:00", "db": "IVD", "id": "b9014a1c-2351-11e6-abef-000c29c66e3d", "ident": null }, { "date": "2014-11-19T00:00:00", "db": "ZDI", "id": "ZDI-14-384", "ident": null }, { "date": "2014-11-19T00:00:00", "db": "ZDI", "id": "ZDI-14-383", "ident": null }, { "date": "2014-11-17T00:00:00", "db": "CNVD", "id": "CNVD-2014-08308", "ident": null }, { "date": "2014-11-14T00:00:00", "db": "VULHUB", "id": "VHN-73365", "ident": null }, { "date": "2014-11-11T00:00:00", "db": "BID", "id": "71052", "ident": null }, { "date": "2014-11-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-005454", "ident": null }, { "date": "2014-11-14T00:00:00", 
"db": "CNNVD", "id": "CNNVD-201411-206", "ident": null }, { "date": "2014-11-14T00:59:00.133000", "db": "NVD", "id": "CVE-2014-5424", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2014-11-19T00:00:00", "db": "ZDI", "id": "ZDI-14-384", "ident": null }, { "date": "2014-11-19T00:00:00", "db": "ZDI", "id": "ZDI-14-383", "ident": null }, { "date": "2014-11-17T00:00:00", "db": "CNVD", "id": "CNVD-2014-08308", "ident": null }, { "date": "2014-11-14T00:00:00", "db": "VULHUB", "id": "VHN-73365", "ident": null }, { "date": "2014-11-24T00:56:00", "db": "BID", "id": "71052", "ident": null }, { "date": "2014-11-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-005454", "ident": null }, { "date": "2014-11-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201411-206", "ident": null }, { "date": "2024-11-21T02:12:01.360000", "db": "NVD", "id": "CVE-2014-5424", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201411-206" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Rockwell Automation Connected Components Workbench Service disruption in (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-005454" } ], "trust": 0.8 }, "type": { "_id": null, "data": "permissions and access control", "sources": [ { "db": "CNNVD", "id": "CNNVD-201411-206" } ], "trust": 0.6 } }
var-202105-1525
Vulnerability from variot
The parsing mechanism that processes certain file types does not sanitize file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions as the Connected Components Workbench software. User interaction is required for this exploit to be successful. The following vulnerabilities are listed:
* Deserialization of untrusted data (CWE-502) - CVE-2021-27475
* Path traversal (CWE-22) - CVE-2021-27471
* Improper input validation (CWE-20) - CVE-2021-27473
The expected impact depends on each vulnerability, but the product may be affected as follows:
* When a local user opens a malicious serialized object created by a third party in the product, code is executed remotely. - CVE-2021-27475
* When a local user opens a malicious file created by a third party with the affected product, an existing file is overwritten or a new file is created with the privileges of the product. - CVE-2021-27471
* When a malicious .ccwarc archive file created by an attacker is opened with the affected product, the privileges of the product are acquired. - CVE-2021-27473
Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. An automatic programming software
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202105-1525", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "connected components workbench", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "12.00.00" }, { "model": "connected components workbench", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": null }, { "model": 
"connected components workbench", "scope": "lte", "trust": 0.8, "vendor": "rockwell automation", "version": "v12.00.00 and earlier" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "db": "NVD", "id": "CVE-2021-27471" } ] }, "cve": "CVE-2021-27471", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2021-27471", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-386738", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "id": "CVE-2021-27471", 
"impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "LOCAL", "author": "ics-cert@hq.dhs.gov", "availabilityImpact": "HIGH", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.0, "id": "CVE-2021-27471", "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Local", "author": "IPA", "availabilityImpact": "High", "baseScore": 7.7, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2021-001430", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-27471", "trust": 1.0, "value": "HIGH" }, { "author": "ics-cert@hq.dhs.gov", "id": "CVE-2021-27471", "trust": 1.0, "value": "HIGH" }, { "author": "IPA", "id": "JVNDB-2021-001430", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202105-800", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-386738", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-386738" }, { "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "db": "CNNVD", "id": "CNNVD-202105-800" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2021-27471" }, { "db": "NVD", "id": "CVE-2021-27471" } ] }, "description": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The parsing mechanism that processes certain file types does not provide input sanitization for file paths. This may allow an attacker to craft malicious files that, when opened by Rockwell Automation Connected Components Workbench v12.00.00 and prior, can traverse the file system. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the Connected Components Workbench software. User interaction is required for this exploit to be successful. * Deserialization of untrusted data (CWE-502) - CVE-2021-27475 \u2025 * Path traversal (CWE-22) - CVE-2021-27471 \u2025 * Incorrect input confirmation (CWE-20) - CVE-2021-27473The expected impact depends on each vulnerability, but it may be affected as follows. * When a local user opens a malicious serialized object created by a third party in the product, the code is executed remotely. - CVE-2021-27475 \u2025 * When a local user opens a malicious file created by a third party with the corresponding product, the existing file is overwritten or a new file is created with the authority of the corresponding product. - CVE-2021-27471 \u2025 * Illegal created by a malicious user .ccwarc By opening the archive file with the corresponding product, the authority of the product is acquired. - CVE-2021-27473. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. 
An automatic programming software", "sources": [ { "db": "NVD", "id": "CVE-2021-27471" }, { "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULHUB", "id": "VHN-386738" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "ICS CERT", "id": "ICSA-21-133-01", "trust": 2.5 }, { "db": "NVD", "id": "CVE-2021-27471", "trust": 2.5 }, { "db": "JVN", "id": "JVNVU95873084", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-001430", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2021.1650", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021051401", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202105-800", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-386738", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-386738" }, { "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "db": "CNNVD", "id": "CNNVD-202105-800" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2021-27471" } ] }, "id": "VAR-202105-1525", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-386738" } ], "trust": 0.58214287 }, "last_update_date": "2024-08-14T12:52:26.008000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "industrial\u00a0security\u00a0advisory\u00a0from\u00a0Rockwell\u00a0Automation\u00a0( Login required )", "trust": 0.8, "url": 
"https://idp.rockwellautomation.com/adfs/ls/idpinitiatedsignon.aspx?RelayState=RPID%3Drockwellautomation.custhelp.com%26RelayState%3Danswers%2Fanswer_view%2Fa_id%2F1131435" }, { "title": "Rockwell Automation Connected Components Workbench Repair measures for path traversal vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150443" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "db": "CNNVD", "id": "CNNVD-202105-800" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.1 }, { "problemtype": "Incorrect input confirmation (CWE-20) [IPA Evaluation ]", "trust": 0.8 }, { "problemtype": " Path traversal (CWE-22) [IPA Evaluation ]", "trust": 0.8 }, { "problemtype": " Deserialization of untrusted data (CWE-502) [IPA Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-386738" }, { "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "db": "NVD", "id": "CVE-2021-27471" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1131435" }, { "trust": 1.7, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-133-01" }, { "trust": 1.4, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-133-01" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu95873084" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021051401" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1650" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2021-27471/" }, { "trust": 0.6, "url": 
"https://www.cybersecurity-help.cz/vdb/sb2021041363" } ], "sources": [ { "db": "VULHUB", "id": "VHN-386738" }, { "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "db": "CNNVD", "id": "CNNVD-202105-800" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2021-27471" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-386738" }, { "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "db": "CNNVD", "id": "CNNVD-202105-800" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2021-27471" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-23T00:00:00", "db": "VULHUB", "id": "VHN-386738" }, { "date": "2021-05-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "date": "2021-05-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-800" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-03-23T20:15:09.037000", "db": "NVD", "id": "CVE-2021-27471" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-03-29T00:00:00", "db": "VULHUB", "id": "VHN-386738" }, { "date": "2021-05-17T08:36:00", "db": "JVNDB", "id": "JVNDB-2021-001430" }, { "date": "2022-03-30T00:00:00", "db": "CNNVD", "id": "CNNVD-202105-800" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-03-29T19:20:48.807000", "db": "NVD", "id": "CVE-2021-27471" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-800" } ], "trust": 0.6 }, "title": 
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rockwell\u00a0Automation\u00a0 Made \u00a0Connected\u00a0Components\u00a0Workbench\u00a0 Multiple vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001430" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-202105-800" } ], "trust": 0.6 } }
var-202006-0364
Vulnerability from variot
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later, Studio 5000 Logix Designer software: Version 32 and prior are vulnerable. A vulnerability exists in the communication function that enables users to upload EDS files by FactoryTalk Linx. This may allow an attacker to upload a file with bad compression, consuming all the available CPU resources, leading to a denial-of-service condition. The following multiple vulnerabilities exist in the FactoryTalk Linx software provided by Rockwell Automation:
* Improper input validation (CWE-20) - CVE-2020-11999
* Improper input validation (CWE-20) - CVE-2020-12001
* Directory traversal (CWE-22) - CVE-2020-12003
* Unrestricted file upload (CWE-434) - CVE-2020-12005
The expected impact depends on each vulnerability, but the product may be affected as follows:
* Because arbitrary files are not properly sanitized during an API call, a remote third party may execute arbitrary code or tamper with files or data. - CVE-2020-11999
* Because specially crafted files are not properly sanitized, sensitive information may be stolen or arbitrary code may be executed by a remote third party. - CVE-2020-12001
* Because a specially crafted request is not properly sanitized during an API call, sensitive information on the local hard drive may be stolen by a remote third party. - CVE-2020-12003
* When a remote third party uploads an improperly compressed EDS file, decompressing it consumes all CPU resources and interrupts service operation, triggering a denial-of-service (DoS) condition. - CVE-2020-12005
Rockwell Automation RSLinx Classic and others are products of Rockwell Automation (USA).
Rockwell Automation RSLinx Classic is a set of industrial communication solutions. Rockwell Automation ControlFLASH is a firmware update utility
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0364", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "rslinx classic", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "4.11.00" }, { "model": "factorytalk linx", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": "6.10" }, { "model": "factorytalk linx", "scope": 
"eq", "trust": 1.0, "vendor": "rockwellautomation", "version": "6.11" }, { "model": "factorytalk linx", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": "6.00" }, { "model": "connected components workbench", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 12" }, { "model": "controlflash", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 14 \u304a\u3088\u3073\u305d\u308c" }, { "model": "controlflash plus", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 1 \u304a\u3088\u3073\u305d\u308c" }, { "model": "factorytalk asset centre", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 9 \u304a\u3088\u3073\u305d\u308c" }, { "model": "factorytalk linx", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 6.00, 6.10, 6.11" }, { "model": "factorytalk linx commdtm", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 1 \u304a\u3088\u3073\u305d\u308c" }, { "model": "studio 5000 launcher", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 31 \u304a\u3088\u3073\u305d\u308c" }, { "model": "studio 5000 logix designer", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "software version 32" }, { "model": "automation rslinx classic", "scope": "lte", "trust": 0.6, "vendor": "rockwell", "version": "\u003c=4.11.00" }, { "model": "automation factorytalk linx", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "6.00" }, { "model": "automation factorytalk linx", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "6.10" }, { "model": "automation factorytalk linx", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "6.11" }, { "model": "automation connected components workbench", "scope": "lte", "trust": 0.6, "vendor": "rockwell", "version": "\u003c=12" }, { "model": "automation controlflash", 
"scope": "lte", "trust": 0.6, "vendor": "rockwell", "version": "\u003c=14" }, { "model": "automation controlflash plus", "scope": "lte", "trust": 0.6, "vendor": "rockwell", "version": "\u003c=1" }, { "model": "automation factorytalk asset centre", "scope": "lte", "trust": 0.6, "vendor": "rockwell", "version": "\u003c=9" }, { "model": "automation factorytalk linx commdtm", "scope": "lte", "trust": 0.6, "vendor": "rockwell", "version": "\u003c=1" }, { "model": "automation studio launcher", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "5000\u003c=31" }, { "model": "automation studio logix designer software", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "5000\u003c=32" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-38693" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "NVD", "id": "CVE-2020-12005" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:rockwellautomation:connected_components_workbench", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:controlflash", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:controlflash_plus", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:factorytalk_asset_centre", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:factorytalk_linx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:factorytalk_linx_commdtm", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:studio_5000_launcher", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:studio_5000_logix_designer", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005434" } ] }, "credits": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sharon Brizinov and Amir Preminger (VP Research) of Claroty", "sources": [ { "db": "CNNVD", "id": "CNNVD-202006-911" } ], "trust": 0.6 }, "cve": "CVE-2020-12005", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2020-12005", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2020-38693", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, 
"id": "VHN-164640", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2020-12005", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA score", "availabilityImpact": "None", "baseScore": 9.6, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-005434", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Changed", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA score", "availabilityImpact": "None", "baseScore": 9.6, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-005434", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Changed", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA score", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-005434", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA score", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-005434", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "IPA", "id": "JVNDB-2020-005434", "trust": 1.6, "value": "Critical" }, { "author": "IPA", "id": "JVNDB-2020-005434", "trust": 1.6, "value": "High" }, { "author": "nvd@nist.gov", "id": "CVE-2020-12005", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2020-38693", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202006-911", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-164640", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-38693" }, { "db": "VULHUB", "id": "VHN-164640" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "CNNVD", "id": "CNNVD-202006-911" }, { "db": "NVD", "id": "CVE-2020-12005" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 
32 and prior are vulnerable. A vulnerability exists in the communication function that enables users to upload EDS files by FactoryTalk Linx. This may allow an attacker to upload a file with bad compression, consuming all the available CPU resources, leading to a denial-of-service condition. Multiple vulnerabilities exist in the FactoryTalk Linx software provided by Rockwell Automation: * Improper input validation (CWE-20) - CVE-2020-11999 * Improper input validation (CWE-20) - CVE-2020-12001 * Directory traversal (CWE-22) - CVE-2020-12003 * Unrestricted file upload (CWE-434) - CVE-2020-12005. The expected impact depends on each vulnerability, but may include the following. * A remote third party may execute arbitrary code or tamper with files or data, because arbitrary files are not properly sanitized during an API call. - CVE-2020-11999 * Because specially crafted files are not properly sanitized, a remote third party may steal sensitive information or execute arbitrary code. - CVE-2020-12001 * A remote third party may steal sensitive information from the local hard drive, because specially crafted requests are not properly sanitized during an API call. - CVE-2020-12003 * When a remote third party uploads an improperly compressed EDF file, decompressing it consumes all CPU resources and triggers a denial-of-service (DoS) condition. - CVE-2020-12005. Rockwell Automation RSLinx Classic and others are products of Rockwell Automation (USA). Rockwell Automation RSLinx Classic is a set of industrial communication solutions.
Rockwell Automation ControlFLASH is a firmware update utility", "sources": [ { "db": "NVD", "id": "CVE-2020-12005" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "CNVD", "id": "CNVD-2020-38693" }, { "db": "VULHUB", "id": "VHN-164640" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-12005", "trust": 3.1 }, { "db": "ICS CERT", "id": "ICSA-20-163-02", "trust": 3.1 }, { "db": "JVN", "id": "JVNVU91454414", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-005434", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-38693", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202006-911", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.2062", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-164640", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-38693" }, { "db": "VULHUB", "id": "VHN-164640" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "CNNVD", "id": "CNNVD-202006-911" }, { "db": "NVD", "id": "CVE-2020-12005" } ] }, "id": "VAR-202006-0364", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-38693" }, { "db": "VULHUB", "id": "VHN-164640" } ], "trust": 1.4670862077777778 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-38693" } ] }, "last_update_date": "2024-11-23T22:16:26.589000Z", "patch": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "54102-Industrial Security Advisory Index (\u8981\u30ed\u30b0\u30a4\u30f3)", "trust": 0.8, "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/54102" }, { "title": "Patch for Multiple Rockwell Automation product code issue vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/225415" }, { "title": "Multiple Rockwell Automation Product code issue vulnerability fixes", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121708" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-38693" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "CNNVD", "id": "CNNVD-202006-911" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-434", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-164640" }, { "db": "NVD", "id": "CVE-2020-12005" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-163-02" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12005" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12003" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12005" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11999" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12001" }, { "trust": 0.8, "url": 
"https://jvn.jp/vu/jvnvu91454414/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11999" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12001" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12003" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2062/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-38693" }, { "db": "VULHUB", "id": "VHN-164640" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "CNNVD", "id": "CNNVD-202006-911" }, { "db": "NVD", "id": "CVE-2020-12005" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-38693" }, { "db": "VULHUB", "id": "VHN-164640" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "CNNVD", "id": "CNNVD-202006-911" }, { "db": "NVD", "id": "CVE-2020-12005" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-14T00:00:00", "db": "CNVD", "id": "CNVD-2020-38693" }, { "date": "2020-06-15T00:00:00", "db": "VULHUB", "id": "VHN-164640" }, { "date": "2020-06-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "date": "2020-06-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202006-911" }, { "date": "2020-06-15T20:15:11.473000", "db": "NVD", "id": "CVE-2020-12005" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-14T00:00:00", "db": "CNVD", "id": "CNVD-2020-38693" }, { "date": "2020-06-24T00:00:00", "db": "VULHUB", "id": "VHN-164640" }, { "date": "2020-07-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "date": "2020-06-30T00:00:00", "db": "CNNVD", "id": "CNNVD-202006-911" }, { "date": "2024-11-21T04:59:05.970000", "db": "NVD", "id": "CVE-2020-12005" } ] }, 
"threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202006-911" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rockwell Automation Made FactoryTalk Linx Software Multiple vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005434" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202006-911" } ], "trust": 0.6 } }
var-202006-0362
Vulnerability from variot
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later, Studio 5000 Logix Designer software: Version 32 and prior are vulnerable. An exposed API call allows users to provide files to be processed without sanitization. This may allow an attacker to use specially crafted requests to traverse the file system and expose sensitive data on the local hard drive. Multiple vulnerabilities exist in the FactoryTalk Linx software provided by Rockwell Automation: * Improper input validation (CWE-20) - CVE-2020-11999 * Improper input validation (CWE-20) - CVE-2020-12001 * Directory traversal (CWE-22) - CVE-2020-12003 * Unrestricted file upload (CWE-434) - CVE-2020-12005. The expected impact depends on each vulnerability, but may include the following. * A remote third party may execute arbitrary code or tamper with files or data, because arbitrary files are not properly sanitized during an API call. - CVE-2020-11999 * Because specially crafted files are not properly sanitized, a remote third party may steal sensitive information or execute arbitrary code. - CVE-2020-12003 * When a remote third party uploads an improperly compressed EDF file, decompressing it consumes all CPU resources and triggers a denial-of-service (DoS) condition. - CVE-2020-12005. Rockwell Automation RSLinx Classic and others are products of Rockwell Automation (USA). Rockwell Automation RSLinx Classic is a set of industrial communication solutions. Rockwell Automation ControlFLASH is a firmware update utility.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-0362", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "rslinx classic", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "4.11.00" }, { "model": "factorytalk linx", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": "6.10" }, { "model": "factorytalk linx", "scope": 
"eq", "trust": 1.0, "vendor": "rockwellautomation", "version": "6.11" }, { "model": "factorytalk linx", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": "6.00" }, { "model": "connected components workbench", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 12" }, { "model": "controlflash", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 14 \u304a\u3088\u3073\u305d\u308c" }, { "model": "controlflash plus", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 1 \u304a\u3088\u3073\u305d\u308c" }, { "model": "factorytalk asset centre", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 9 \u304a\u3088\u3073\u305d\u308c" }, { "model": "factorytalk linx", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 6.00, 6.10, 6.11" }, { "model": "factorytalk linx commdtm", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 1 \u304a\u3088\u3073\u305d\u308c" }, { "model": "studio 5000 launcher", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 31 \u304a\u3088\u3073\u305d\u308c" }, { "model": "studio 5000 logix designer", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "software version 32" }, { "model": "automation rslinx classic", "scope": "lte", "trust": 0.6, "vendor": "rockwell", "version": "\u003c=4.11.00" }, { "model": "automation factorytalk linx", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "6.00" }, { "model": "automation factorytalk linx", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "6.10" }, { "model": "automation factorytalk linx", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "6.11" }, { "model": "automation connected components workbench", "scope": "lte", "trust": 0.6, "vendor": "rockwell", "version": "\u003c=12" }, { "model": "automation controlflash", 
"scope": "lte", "trust": 0.6, "vendor": "rockwell", "version": "\u003c=14" }, { "model": "automation controlflash plus", "scope": "lte", "trust": 0.6, "vendor": "rockwell", "version": "\u003c=1" }, { "model": "automation factorytalk asset centre", "scope": "lte", "trust": 0.6, "vendor": "rockwell", "version": "\u003c=9" }, { "model": "automation factorytalk linx commdtm", "scope": "lte", "trust": 0.6, "vendor": "rockwell", "version": "\u003c=1" }, { "model": "automation studio launcher", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "5000\u003c=31" }, { "model": "automation studio logix designer software", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "5000\u003c=32" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-38694" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "NVD", "id": "CVE-2020-12003" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:rockwellautomation:connected_components_workbench", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:controlflash", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:controlflash_plus", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:factorytalk_asset_centre", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:factorytalk_linx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:factorytalk_linx_commdtm", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:studio_5000_launcher", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:studio_5000_logix_designer", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005434" } ] }, "credits": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sharon Brizinov and Amir Preminger (VP Research) of Claroty", "sources": [ { "db": "CNNVD", "id": "CNNVD-202006-913" } ], "trust": 0.6 }, "cve": "CVE-2020-12003", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-12003", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2020-38694", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, 
"id": "VHN-164638", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-12003", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA score", "availabilityImpact": "None", "baseScore": 9.6, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-005434", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Changed", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA score", "availabilityImpact": "None", "baseScore": 9.6, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-005434", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Changed", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA score", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-005434", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA score", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-005434", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "IPA", "id": "JVNDB-2020-005434", "trust": 1.6, "value": "Critical" }, { "author": "IPA", "id": "JVNDB-2020-005434", "trust": 1.6, "value": "High" }, { "author": "nvd@nist.gov", "id": "CVE-2020-12003", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2020-38694", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202006-913", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-164638", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-38694" }, { "db": "VULHUB", "id": "VHN-164638" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "CNNVD", "id": "CNNVD-202006-913" }, { "db": "NVD", "id": "CVE-2020-12003" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: 
Version 32 and prior are vulnerable. An exposed API call allows users to provide files to be processed without sanitization. This may allow an attacker to use specially crafted requests to traverse the file system and expose sensitive data on the local hard drive. Multiple vulnerabilities exist in the FactoryTalk Linx software provided by Rockwell Automation: * Improper input validation (CWE-20) - CVE-2020-11999 * Improper input validation (CWE-20) - CVE-2020-12001 * Directory traversal (CWE-22) - CVE-2020-12003 * Unrestricted file upload (CWE-434) - CVE-2020-12005. The expected impact depends on each vulnerability, but may include the following. * A remote third party may execute arbitrary code or tamper with files or data, because arbitrary files are not properly sanitized during an API call. - CVE-2020-11999 * Because specially crafted files are not properly sanitized, a remote third party may steal sensitive information or execute arbitrary code. - CVE-2020-12003 * When a remote third party uploads an improperly compressed EDF file, decompressing it consumes all CPU resources and triggers a denial-of-service (DoS) condition. - CVE-2020-12005. Rockwell Automation RSLinx Classic and others are products of Rockwell Automation (USA). Rockwell Automation RSLinx Classic is a set of industrial communication solutions.
Rockwell Automation ControlFLASH is a firmware update utility", "sources": [ { "db": "NVD", "id": "CVE-2020-12003" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "CNVD", "id": "CNVD-2020-38694" }, { "db": "VULHUB", "id": "VHN-164638" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-12003", "trust": 3.1 }, { "db": "ICS CERT", "id": "ICSA-20-163-02", "trust": 3.1 }, { "db": "JVN", "id": "JVNVU91454414", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-005434", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2020-38694", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202006-913", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.2062", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-164638", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-38694" }, { "db": "VULHUB", "id": "VHN-164638" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "CNNVD", "id": "CNNVD-202006-913" }, { "db": "NVD", "id": "CVE-2020-12003" } ] }, "id": "VAR-202006-0362", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-38694" }, { "db": "VULHUB", "id": "VHN-164638" } ], "trust": 1.4670862077777778 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-38694" } ] }, "last_update_date": "2024-11-23T22:16:26.263000Z", "patch": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "54102-Industrial Security Advisory Index (\u8981\u30ed\u30b0\u30a4\u30f3)", "trust": 0.8, "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/54102" }, { "title": "Patch for Multiple Rockwell Automation product path traversal vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/225413" }, { "title": "Multiple Rockwell Automation Product path traversal vulnerability fixes", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121709" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-38694" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "CNNVD", "id": "CNNVD-202006-913" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-164638" }, { "db": "NVD", "id": "CVE-2020-12003" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-163-02" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12003" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12003" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12005" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11999" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12001" }, { "trust": 0.8, "url": 
"https://jvn.jp/vu/jvnvu91454414/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11999" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12001" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12005" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2062/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-38694" }, { "db": "VULHUB", "id": "VHN-164638" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "CNNVD", "id": "CNNVD-202006-913" }, { "db": "NVD", "id": "CVE-2020-12003" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-38694" }, { "db": "VULHUB", "id": "VHN-164638" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "CNNVD", "id": "CNNVD-202006-913" }, { "db": "NVD", "id": "CVE-2020-12003" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-14T00:00:00", "db": "CNVD", "id": "CNVD-2020-38694" }, { "date": "2020-06-15T00:00:00", "db": "VULHUB", "id": "VHN-164638" }, { "date": "2020-06-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "date": "2020-06-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202006-913" }, { "date": "2020-06-15T20:15:11.397000", "db": "NVD", "id": "CVE-2020-12003" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-14T00:00:00", "db": "CNVD", "id": "CNVD-2020-38694" }, { "date": "2020-06-24T00:00:00", "db": "VULHUB", "id": "VHN-164638" }, { "date": "2020-07-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "date": "2020-06-30T00:00:00", "db": "CNNVD", "id": "CNNVD-202006-913" }, { "date": "2024-11-21T04:59:05.733000", "db": "NVD", "id": "CVE-2020-12003" } ] }, 
"threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202006-913" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Rockwell Automation Made FactoryTalk Linx Software Multiple vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005434" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-202006-913" } ], "trust": 0.6 } }
var-202006-1811
Vulnerability from variot
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior, Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later, Studio 5000 Logix Designer software: Version 32 and prior are vulnerable. The parsing mechanism that processes certain file types does not provide input sanitization. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code. The following vulnerabilities exist in FactoryTalk Linx software provided by Rockwell Automation: * Improper input validation (CWE-20) - CVE-2020-11999 * Improper input validation (CWE-20) - CVE-2020-12001 * Directory traversal (CWE-22) - CVE-2020-12003 * Unrestricted file upload (CWE-434) - CVE-2020-12005. The expected impact depends on the vulnerability, but may include the following. - CVE-2020-12001 * Sensitive information on the local hard drive is stolen by a remote third party because a specially crafted request is not properly sanitized during an API call. - CVE-2020-12003 * By uploading an improperly compressed EDF file, a remote third party can cause the file to be decompressed so that all CPU resources are consumed and a service-interruption (DoS) condition is triggered - CVE-2020-12005. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Studio 5000. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the CopyRenameProject parameter provided to hmi_isapi.dll. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations.
An attacker can leverage this vulnerability to execute code in the context of the current process. Rockwell Automation RSLinx Classic and others are products of Rockwell Automation (USA). Rockwell Automation RSLinx Classic is a set of industrial communication solutions. Rockwell Automation ControlFLASH is a firmware update utility. The vulnerability stems from the failure of the parsing mechanism to sanitize its input.
{ "affected_products": { "_id": null, "data": [ { "_id": null, "model": "rslinx classic", "scope": "lte", "trust": 1.0, "vendor": "rockwellautomation", "version": "4.11.00" }, { "_id": null, "model": "factorytalk linx", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": "6.10" }, { "_id": null, "model": "factorytalk linx", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": "6.11" }, { "_id": null, "model": "factorytalk linx", "scope": "eq", "trust": 1.0, "vendor": "rockwellautomation", "version": "6.00" }, { "_id": null, "model": "connected components workbench", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 12" }, { "_id": null, "model": "controlflash", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 14 \u304a\u3088\u3073\u305d\u308c" }, { "_id": null, "model": "controlflash plus", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 1 \u304a\u3088\u3073\u305d\u308c" }, { "_id": null, "model": "factorytalk asset centre", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 9 \u304a\u3088\u3073\u305d\u308c" }, { "_id": null, "model": "factorytalk linx", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 6.00, 6.10, 6.11" }, { "_id": null, "model": "factorytalk linx commdtm", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 1 \u304a\u3088\u3073\u305d\u308c" }, { "_id": null, "model": "studio 5000 launcher", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "version 31 \u304a\u3088\u3073\u305d\u308c" }, { "_id": null, "model": "studio 5000 logix designer", "scope": "eq", "trust": 0.8, "vendor": "rockwell automation", "version": "software version 32" }, { "_id": null, "model": "factorytalk linx", "scope": null, "trust": 0.7, "vendor": "rockwell automation", "version": null }, { "_id":
null, "model": "automation rslinx classic", "scope": "lte", "trust": 0.6, "vendor": "rockwell", "version": "\u003c=4.11.00" }, { "_id": null, "model": "automation factorytalk linx", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "6.00" }, { "_id": null, "model": "automation factorytalk linx", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "6.10" }, { "_id": null, "model": "automation factorytalk linx", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "6.11" }, { "_id": null, "model": "automation connected components workbench", "scope": "lte", "trust": 0.6, "vendor": "rockwell", "version": "\u003c=12" }, { "_id": null, "model": "automation controlflash", "scope": "lte", "trust": 0.6, "vendor": "rockwell", "version": "\u003c=14" }, { "_id": null, "model": "automation controlflash plus", "scope": "lte", "trust": 0.6, "vendor": "rockwell", "version": "\u003c=1" }, { "_id": null, "model": "automation factorytalk asset centre", "scope": "lte", "trust": 0.6, "vendor": "rockwell", "version": "\u003c=9" }, { "_id": null, "model": "automation factorytalk linx commdtm", "scope": "lte", "trust": 0.6, "vendor": "rockwell", "version": "\u003c=1" }, { "_id": null, "model": "automation studio launcher", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "5000\u003c=31" }, { "_id": null, "model": "automation studio logix designer software", "scope": "eq", "trust": 0.6, "vendor": "rockwell", "version": "5000\u003c=32" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-733" }, { "db": "CNVD", "id": "CNVD-2020-38695" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "NVD", "id": "CVE-2020-12001" } ] }, "configurations": { "_id": null, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:rockwellautomation:connected_components_workbench", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:controlflash", "vulnerable": true }, { "cpe22Uri": 
"cpe:/a:rockwellautomation:controlflash_plus", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:factorytalk_asset_centre", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:factorytalk_linx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:factorytalk_linx_commdtm", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:studio_5000_launcher", "vulnerable": true }, { "cpe22Uri": "cpe:/a:rockwellautomation:studio_5000_logix_designer", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005434" } ] }, "credits": { "_id": null, "data": "Chris Anastasio (muffin) and Steven Seeley (mr_me) of Incite Team", "sources": [ { "db": "ZDI", "id": "ZDI-20-733" } ], "trust": 0.7 }, "cve": "CVE-2020-12001", "cvss": { "_id": null, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2020-12001", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2020-38695", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-164636", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", 
"version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-12001", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA score", "availabilityImpact": "None", "baseScore": 9.6, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-005434", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Changed", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA score", "availabilityImpact": "None", "baseScore": 9.6, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-005434", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Changed", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA score", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-005434", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "IPA score", "availabilityImpact": 
"High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-005434", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "ZDI", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2020-12001", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 0.7, "userInteraction": "NONE", "vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "IPA", "id": "JVNDB-2020-005434", "trust": 1.6, "value": "Critical" }, { "author": "IPA", "id": "JVNDB-2020-005434", "trust": 1.6, "value": "High" }, { "author": "nvd@nist.gov", "id": "CVE-2020-12001", "trust": 1.0, "value": "CRITICAL" }, { "author": "ZDI", "id": "CVE-2020-12001", "trust": 0.7, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2020-38695", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202006-916", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-164636", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2020-12001", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-733" }, { "db": "CNVD", "id": "CNVD-2020-38695" }, { "db": "VULHUB", "id": "VHN-164636" }, { "db": "VULMON", "id": "CVE-2020-12001" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "CNNVD", "id": "CNNVD-202006-916" }, { "db": "NVD", "id": "CVE-2020-12001" } ] }, "description": { "_id": null, "data": "FactoryTalk Linx versions 
6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. The parsing mechanism that processes certain file types does not provide input sanitation. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code. Rockwell Automation Provided by the company FactoryTalk Linx Software The following multiple vulnerabilities exist in. * Improper input confirmation (CWE-20) - CVE-2020-11999 * Improper input confirmation (CWE-20) - CVE-2020-12001 * Directory traversal (CWE-22) - CVE-2020-12003 * Upload any file (CWE-434) - CVE-2020-12005The expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2020-12001 * API Sensitive information on the local hard drive is stolen by a remote third party because it does not properly sanitize the specially crafted request during the call. - CVE-2020-12003 * Improperly compressed by a remote third party EDF By uploading the file, the compressed file can be decompressed. CPU All resources are consumed and service operation is interrupted (DoS) The condition is triggered - CVE-2020-12005. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Studio 5000. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the CopyRenameProject parameter provided to hmi_isapi.dll. The issue results from the lack of proper validation of user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process. 
Rockwell Automation RSLinx Classic and others are products of Rockwell Automation (USA). Rockwell Automation RSLinx Classic is a set of industrial communication solutions. Rockwell Automation ControlFLASH is a firmware update utility. The vulnerability stems from the failure of the resolution mechanism to clean up the input", "sources": [ { "db": "NVD", "id": "CVE-2020-12001" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "ZDI", "id": "ZDI-20-733" }, { "db": "CNVD", "id": "CNVD-2020-38695" }, { "db": "VULHUB", "id": "VHN-164636" }, { "db": "VULMON", "id": "CVE-2020-12001" } ], "trust": 2.97 }, "external_ids": { "_id": null, "data": [ { "db": "NVD", "id": "CVE-2020-12001", "trust": 3.9 }, { "db": "ICS CERT", "id": "ICSA-20-163-02", "trust": 3.2 }, { "db": "ZDI", "id": "ZDI-20-733", "trust": 2.5 }, { "db": "JVN", "id": "JVNVU91454414", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-005434", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-10292", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2020-38695", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202006-916", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2020.2062", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-164636", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-12001", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-733" }, { "db": "CNVD", "id": "CNVD-2020-38695" }, { "db": "VULHUB", "id": "VHN-164636" }, { "db": "VULMON", "id": "CVE-2020-12001" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "CNNVD", "id": "CNNVD-202006-916" }, { "db": "NVD", "id": "CVE-2020-12001" } ] }, "id": "VAR-202006-1811", "iot": { "_id": null, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-38695" }, { "db": "VULHUB", "id": "VHN-164636" } ], "trust": 1.4670862077777778 }, "iot_taxonomy": { "_id": null, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-38695" } ] }, "last_update_date": "2024-11-23T22:16:26.623000Z", 
"patch": { "_id": null, "data": [ { "title": "54102-Industrial Security Advisory Index (\u8981\u30ed\u30b0\u30a4\u30f3)", "trust": 0.8, "url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/54102" }, { "title": "Rockwell Automation has issued an update to correct this vulnerability.", "trust": 0.7, "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126945" }, { "title": "Patch for Multiple Rockwell Automation product input verification error vulnerabilities (CNVD-2020-38695)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/225411" }, { "title": "Multiple Rockwell Automation Product input verification error vulnerability fixes", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121710" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-733" }, { "db": "CNVD", "id": "CNVD-2020-38695" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "CNNVD", "id": "CNNVD-202006-916" } ] }, "problemtype_data": { "_id": null, "data": [ { "problemtype": "CWE-20", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-164636" }, { "db": "NVD", "id": "CVE-2020-12001" } ] }, "references": { "_id": null, "data": [ { "trust": 3.2, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-163-02" }, { "trust": 1.8, "url": "https://www.zerodayinitiative.com/advisories/zdi-20-733/" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12001" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12003" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12005" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-11999" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12001" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu91454414/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11999" }, { "trust": 0.8, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-12003" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12005" }, { "trust": 0.7, "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1126945" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2062/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "ZDI", "id": "ZDI-20-733" }, { "db": "CNVD", "id": "CNVD-2020-38695" }, { "db": "VULHUB", "id": "VHN-164636" }, { "db": "VULMON", "id": "CVE-2020-12001" }, { "db": "JVNDB", "id": "JVNDB-2020-005434" }, { "db": "CNNVD", "id": "CNNVD-202006-916" }, { "db": "NVD", "id": "CVE-2020-12001" } ] }, "sources": { "_id": null, "data": [ { "db": "ZDI", "id": "ZDI-20-733", "ident": null }, { "db": "CNVD", "id": "CNVD-2020-38695", "ident": null }, { "db": "VULHUB", "id": "VHN-164636", "ident": null }, { "db": "VULMON", "id": "CVE-2020-12001", "ident": null }, { "db": "JVNDB", "id": "JVNDB-2020-005434", "ident": null }, { "db": "CNNVD", "id": "CNNVD-202006-916", "ident": null }, { "db": "NVD", "id": "CVE-2020-12001", "ident": null } ] }, "sources_release_date": { "_id": null, "data": [ { "date": "2020-06-22T00:00:00", "db": "ZDI", "id": "ZDI-20-733", "ident": null }, { "date": "2020-07-14T00:00:00", "db": "CNVD", "id": "CNVD-2020-38695", "ident": null }, { "date": "2020-06-15T00:00:00", "db": "VULHUB", "id": "VHN-164636", "ident": null }, { "date": "2020-06-15T00:00:00", "db": "VULMON", "id": "CVE-2020-12001", "ident": null }, { "date": "2020-06-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005434", "ident": null }, { "date": "2020-06-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202006-916", "ident": null }, { "date": "2020-06-15T20:15:11.317000", "db": "NVD", "id": "CVE-2020-12001", "ident": null } ] }, "sources_update_date": { "_id": null, "data": [ { "date": "2020-06-23T00:00:00", "db": "ZDI", "id": "ZDI-20-733", "ident": null }, { 
"date": "2020-07-14T00:00:00", "db": "CNVD", "id": "CNVD-2020-38695", "ident": null }, { "date": "2021-11-04T00:00:00", "db": "VULHUB", "id": "VHN-164636", "ident": null }, { "date": "2020-06-24T00:00:00", "db": "VULMON", "id": "CVE-2020-12001", "ident": null }, { "date": "2020-07-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-005434", "ident": null }, { "date": "2020-06-30T00:00:00", "db": "CNNVD", "id": "CNNVD-202006-916", "ident": null }, { "date": "2024-11-21T04:59:05.470000", "db": "NVD", "id": "CVE-2020-12001", "ident": null } ] }, "threat_type": { "_id": null, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202006-916" } ], "trust": 0.6 }, "title": { "_id": null, "data": "Rockwell Automation Made FactoryTalk Linx Software Multiple vulnerabilities in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-005434" } ], "trust": 0.8 }, "type": { "_id": null, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202006-916" } ], "trust": 0.6 } }