All the vulnerabilites related to Siemens - RUGGEDCOM ROX MX5000
var-202105-1325
Vulnerability from variot

In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted. There is a discrepancy between the code that handles encapsulated option information in leases transmitted "on the wire" and the code which reads and parses lease information after it has been written to disk storage. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability. (CVE-2021-25217). Bugs fixed (https://bugzilla.redhat.com/):

1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1945703 - "Guest OS Info" availability in VMI describe is flaky 1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster 1963275 - migration controller null pointer dereference 1965099 - Live Migration double handoff to virt-handler causes connection failures 1965181 - CDI importer doesn't report AwaitingVDDK like it used to 1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod 1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs 1969756 - Windows VMs fail to start on air-gapped environments 1970372 - Virt-handler fails to verify container-disk 1973227 - segfault in virt-controller during pdb deletion 1974084 - 2.6.6 containers 1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted] 1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration 1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner 1982760 - [v2v] no kind VirtualMachine is registered for version \"kubevirt.io/v1\" i... 1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with <= 4.8

  1. These packages include redhat-release-virtualization-host. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor

  1. Solution:

For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel ease-notes.html

Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster - -cli.html

  1. ========================================================================= Ubuntu Security Notice USN-4969-2 May 27, 2021

isc-dhcp vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Summary:

DHCP could be made to crash if it received specially crafted network traffic.

Software Description: - isc-dhcp: DHCP server and client

Details:

USN-4969-1 fixed a vulnerability in DHCP. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM.

Original advisory details:

Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly handled lease file parsing. A remote attacker could possibly use this issue to cause DHCP to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 ESM: isc-dhcp-client 4.3.3-5ubuntu12.10+esm1 isc-dhcp-server 4.3.3-5ubuntu12.10+esm1

Ubuntu 14.04 ESM: isc-dhcp-client 4.2.4-7ubuntu12.13+esm1 isc-dhcp-server 4.2.4-7ubuntu12.13+esm1

In general, a standard system update will make all the necessary changes. 7.7) - ppc64, ppc64le, s390x, x86_64

  1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: dhcp security update Advisory ID: RHSA-2021:2357-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:2357 Issue date: 2021-06-09 CVE Names: CVE-2021-25217 ==================================================================== 1. Summary:

An update for dhcp is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.

Security Fix(es):

  • dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient (CVE-2021-25217)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

  1. Bugs fixed (https://bugzilla.redhat.com/):

1963258 - CVE-2021-25217 dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient

  1. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: dhcp-4.2.5-83.el7_9.1.src.rpm

x86_64: dhclient-4.2.5-83.el7_9.1.x86_64.rpm dhcp-common-4.2.5-83.el7_9.1.x86_64.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm dhcp-libs-4.2.5-83.el7_9.1.i686.rpm dhcp-libs-4.2.5-83.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: dhcp-4.2.5-83.el7_9.1.x86_64.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm dhcp-devel-4.2.5-83.el7_9.1.i686.rpm dhcp-devel-4.2.5-83.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: dhcp-4.2.5-83.el7_9.1.src.rpm

x86_64: dhclient-4.2.5-83.el7_9.1.x86_64.rpm dhcp-common-4.2.5-83.el7_9.1.x86_64.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm dhcp-libs-4.2.5-83.el7_9.1.i686.rpm dhcp-libs-4.2.5-83.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: dhcp-4.2.5-83.el7_9.1.x86_64.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm dhcp-devel-4.2.5-83.el7_9.1.i686.rpm dhcp-devel-4.2.5-83.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: dhcp-4.2.5-83.el7_9.1.src.rpm

ppc64: dhclient-4.2.5-83.el7_9.1.ppc64.rpm dhcp-4.2.5-83.el7_9.1.ppc64.rpm dhcp-common-4.2.5-83.el7_9.1.ppc64.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.ppc.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.ppc64.rpm dhcp-libs-4.2.5-83.el7_9.1.ppc.rpm dhcp-libs-4.2.5-83.el7_9.1.ppc64.rpm

ppc64le: dhclient-4.2.5-83.el7_9.1.ppc64le.rpm dhcp-4.2.5-83.el7_9.1.ppc64le.rpm dhcp-common-4.2.5-83.el7_9.1.ppc64le.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.ppc64le.rpm dhcp-libs-4.2.5-83.el7_9.1.ppc64le.rpm

s390x: dhclient-4.2.5-83.el7_9.1.s390x.rpm dhcp-4.2.5-83.el7_9.1.s390x.rpm dhcp-common-4.2.5-83.el7_9.1.s390x.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.s390.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.s390x.rpm dhcp-libs-4.2.5-83.el7_9.1.s390.rpm dhcp-libs-4.2.5-83.el7_9.1.s390x.rpm

x86_64: dhclient-4.2.5-83.el7_9.1.x86_64.rpm dhcp-4.2.5-83.el7_9.1.x86_64.rpm dhcp-common-4.2.5-83.el7_9.1.x86_64.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm dhcp-libs-4.2.5-83.el7_9.1.i686.rpm dhcp-libs-4.2.5-83.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: dhcp-debuginfo-4.2.5-83.el7_9.1.ppc.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.ppc64.rpm dhcp-devel-4.2.5-83.el7_9.1.ppc.rpm dhcp-devel-4.2.5-83.el7_9.1.ppc64.rpm

ppc64le: dhcp-debuginfo-4.2.5-83.el7_9.1.ppc64le.rpm dhcp-devel-4.2.5-83.el7_9.1.ppc64le.rpm

s390x: dhcp-debuginfo-4.2.5-83.el7_9.1.s390.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.s390x.rpm dhcp-devel-4.2.5-83.el7_9.1.s390.rpm dhcp-devel-4.2.5-83.el7_9.1.s390x.rpm

x86_64: dhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm dhcp-devel-4.2.5-83.el7_9.1.i686.rpm dhcp-devel-4.2.5-83.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: dhcp-4.2.5-83.el7_9.1.src.rpm

x86_64: dhclient-4.2.5-83.el7_9.1.x86_64.rpm dhcp-4.2.5-83.el7_9.1.x86_64.rpm dhcp-common-4.2.5-83.el7_9.1.x86_64.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm dhcp-libs-4.2.5-83.el7_9.1.i686.rpm dhcp-libs-4.2.5-83.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: dhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm dhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm dhcp-devel-4.2.5-83.el7_9.1.i686.rpm dhcp-devel-4.2.5-83.el7_9.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2021-25217 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBYMCeytzjgjWX9erEAQgPYw/+K6NTT5tvNy0WHRy46UioFuzIbxlMOPzm zXmk61B2Dgod7DCU3EbF9u7nSViaQds11pDCrTejH70WrqNQSaWMhsASgtNmQ42q 0oVWQwqyB8mP/73BwYJQ84eZDGwsyqQf/9MO96g4c0jlZOAu9vSxvSflQ4DY8m9L 0+pk3/zHOsUz3Za7Ns/1wa8pmq3hxAt0z6Z6ri0Ka8CEHg7W7ELGC67ih1BOcpP5 mdWOSfTW+F1EzmerDW0eom09R/Ndfo/FdGeCbEq1K6kvcrPy4e/tsyBCquPYPFar aTADxJPMObDTY0dJhqw1qZ5cERLnhJaj8GzWc0Ne2KIAFig/NcVhEZL8RtvrNWhO JIaVZ7zK6bi1VASVVIAP8yQzwdZFEbfMREOa705gMvXMz1Ux08YvsbrelD/LeJXe 45C2+zGvM7KDd/AlrhopZPbBJI07tbNe8qWzFggJtBTMVg28i5K7DjFjvASFZFrV 8nKdWae1GOEtH23fygGOoW4m0KkGWd1Tc/lte6Wy788KOa/yF3IQkWeTSo5KG33Q UHCzx6NzHyeAgW7K9QvvpIjfbxIAyBbebsIkhOhySjfsAp28lKkaZZRVF/sNWIvG GRibEMi366KUTR5AiTMAjHoYgIDzp7nywWiYBhf9SuNgqV3kG0Yz7fd1ac0+qcH5 zPKanVJNoQs=9+pl -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64


  1. Gentoo Linux Security Advisory GLSA 202305-22

                                       https://security.gentoo.org/

Severity: Normal Title: ISC DHCP: Multiple Vulnerabilities Date: May 03, 2023 Bugs: #875521, #792324 ID: 202305-22


Synopsis

Multiple vulnerabilities have been discovered in ISC DHCP, the worst of which could result in denial of service.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-misc/dhcp < 4.4.3_p1 >= 4.4.3_p1

Description

Multiple vulnerabilities have been discovered in ISC DHCP. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All ISC DHCP users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/dhcp-4.4.3_p1"

References

[ 1 ] CVE-2021-25217 https://nvd.nist.gov/vuln/detail/CVE-2021-25217 [ 2 ] CVE-2022-2928 https://nvd.nist.gov/vuln/detail/CVE-2022-2928 [ 3 ] CVE-2022-2929 https://nvd.nist.gov/vuln/detail/CVE-2022-2929

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202305-22

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202105-1325",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sinec ins",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "34"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.0"
      },
      {
        "model": "ontap select deploy administration utility",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.3.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.0"
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.3.0"
      },
      {
        "model": "solidfire \\\u0026 hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "dhcp",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "isc",
        "version": "4.4.2"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.3.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.3.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.3.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.3.0"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.3.0"
      },
      {
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "33"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.0"
      },
      {
        "model": "sinec ins",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "1.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.0"
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.0"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.0"
      },
      {
        "model": "dhcp",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "isc",
        "version": "4.4.0"
      },
      {
        "model": "dhcp",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "isc",
        "version": "4.1-esv"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.0"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-25217"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "163789"
      },
      {
        "db": "PACKETSTORM",
        "id": "163196"
      },
      {
        "db": "PACKETSTORM",
        "id": "163155"
      },
      {
        "db": "PACKETSTORM",
        "id": "163240"
      },
      {
        "db": "PACKETSTORM",
        "id": "163400"
      },
      {
        "db": "PACKETSTORM",
        "id": "163129"
      },
      {
        "db": "PACKETSTORM",
        "id": "163137"
      },
      {
        "db": "PACKETSTORM",
        "id": "163051"
      },
      {
        "db": "PACKETSTORM",
        "id": "163052"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2021-25217",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "CVE-2021-25217",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.1,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2021-25217",
            "impactScore": 4.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-25217",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "security-officer@isc.org",
            "id": "CVE-2021-25217",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-25217",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-25217"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-25217"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-25217"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In ISC DHCP 4.1-ESV-R1 -\u003e 4.1-ESV-R16, ISC DHCP 4.4.0 -\u003e 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted. There is a discrepancy between the code that handles encapsulated option information in leases transmitted \"on the wire\" and the code which reads and parses lease information after it has been written to disk storage. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability. (CVE-2021-25217). Bugs fixed (https://bugzilla.redhat.com/):\n\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n1945703 - \"Guest OS Info\" availability in VMI describe is flaky\n1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster\n1963275 - migration controller null pointer dereference\n1965099 - Live Migration double handoff to virt-handler causes connection failures\n1965181 - CDI importer doesn\u0027t report AwaitingVDDK like it used to\n1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod\n1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs\n1969756 - Windows VMs fail to start on air-gapped environments\n1970372 - Virt-handler fails to verify container-disk\n1973227 - segfault in virt-controller during pdb deletion\n1974084 - 2.6.6 containers\n1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted]\n1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration\n1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner\n1982760 - [v2v] no kind VirtualMachine is registered for version \\\"kubevirt.io/v1\\\" i... \n1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with \u003c= 4.8\n\n5. \nThese packages include redhat-release-virtualization-host. \nRHVH features a Cockpit user interface for monitoring the host\u0027s resources\nand\nperforming administrative tasks. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\n4. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html\n\n5. =========================================================================\nUbuntu Security Notice USN-4969-2\nMay 27, 2021\n\nisc-dhcp vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n- Ubuntu 14.04 ESM\n\nSummary:\n\nDHCP could be made to crash if it received specially crafted network\ntraffic. \n\nSoftware Description:\n- isc-dhcp: DHCP server and client\n\nDetails:\n\nUSN-4969-1 fixed a vulnerability in DHCP. This update provides\nthe corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. \n\n\nOriginal advisory details:\n\n Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly\n handled lease file parsing. A remote attacker could possibly use this issue\n to cause DHCP to crash, resulting in a denial of service. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n  isc-dhcp-client                 4.3.3-5ubuntu12.10+esm1\n  isc-dhcp-server                 4.3.3-5ubuntu12.10+esm1\n\nUbuntu 14.04 ESM:\n  isc-dhcp-client                 4.2.4-7ubuntu12.13+esm1\n  isc-dhcp-server                 4.2.4-7ubuntu12.13+esm1\n\nIn general, a standard system update will make all the necessary changes. 7.7) - ppc64, ppc64le, s390x, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: dhcp security update\nAdvisory ID:       RHSA-2021:2357-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:2357\nIssue date:        2021-06-09\nCVE Names:         CVE-2021-25217\n====================================================================\n1. Summary:\n\nAn update for dhcp is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe Dynamic Host Configuration Protocol (DHCP) is a protocol that allows\nindividual devices on an IP network to get their own network configuration\ninformation, including an IP address, a subnet mask, and a broadcast\naddress. The dhcp packages provide a relay agent and ISC DHCP service\nrequired to enable and administer DHCP on a network. \n\nSecurity Fix(es):\n\n* dhcp: stack-based buffer overflow when parsing statements with\ncolon-separated hex digits in config or lease files in dhcpd and dhclient\n(CVE-2021-25217)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1963258 - CVE-2021-25217 dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\ndhcp-4.2.5-83.el7_9.1.src.rpm\n\nx86_64:\ndhclient-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-common-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-libs-4.2.5-83.el7_9.1.i686.rpm\ndhcp-libs-4.2.5-83.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\ndhcp-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-devel-4.2.5-83.el7_9.1.i686.rpm\ndhcp-devel-4.2.5-83.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\ndhcp-4.2.5-83.el7_9.1.src.rpm\n\nx86_64:\ndhclient-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-common-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-libs-4.2.5-83.el7_9.1.i686.rpm\ndhcp-libs-4.2.5-83.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\ndhcp-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-devel-4.2.5-83.el7_9.1.i686.rpm\ndhcp-devel-4.2.5-83.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\ndhcp-4.2.5-83.el7_9.1.src.rpm\n\nppc64:\ndhclient-4.2.5-83.el7_9.1.ppc64.rpm\ndhcp-4.2.5-83.el7_9.1.ppc64.rpm\ndhcp-common-4.2.5-83.el7_9.1.ppc64.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.ppc.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.ppc64.rpm\ndhcp-libs-4.2.5-83.el7_9.1.ppc.rpm\ndhcp-libs-4.2.5-83.el7_9.1.ppc64.rpm\n\nppc64le:\ndhclient-4.2.5-83.el7_9.1.ppc64le.rpm\ndhcp-4.2.5-83.el7_9.1.ppc64le.rpm\ndhcp-common-4.2.5-83.el7_9.1.ppc64le.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.ppc64le.rpm\ndhcp-libs-4.2.5-83.el7_9.1.ppc64le.rpm\n\ns390x:\ndhclient-4.2.5-83.el7_9.1.s390x.rpm\ndhcp-4.2.5-83.el7_9.1.s390x.rpm\ndhcp-common-4.2.5-83.el7_9.1.s390x.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.s390.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.s390x.rpm\ndhcp-libs-4.2.5-83.el7_9.1.s390.rpm\ndhcp-libs-4.2.5-83.el7_9.1.s390x.rpm\n\nx86_64:\ndhclient-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-common-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-libs-4.2.5-83.el7_9.1.i686.rpm\ndhcp-libs-4.2.5-83.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\ndhcp-debuginfo-4.2.5-83.el7_9.1.ppc.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.ppc64.rpm\ndhcp-devel-4.2.5-83.el7_9.1.ppc.rpm\ndhcp-devel-4.2.5-83.el7_9.1.ppc64.rpm\n\nppc64le:\ndhcp-debuginfo-4.2.5-83.el7_9.1.ppc64le.rpm\ndhcp-devel-4.2.5-83.el7_9.1.ppc64le.rpm\n\ns390x:\ndhcp-debuginfo-4.2.5-83.el7_9.1.s390.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.s390x.rpm\ndhcp-devel-4.2.5-83.el7_9.1.s390.rpm\ndhcp-devel-4.2.5-83.el7_9.1.s390x.rpm\n\nx86_64:\ndhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-devel-4.2.5-83.el7_9.1.i686.rpm\ndhcp-devel-4.2.5-83.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\ndhcp-4.2.5-83.el7_9.1.src.rpm\n\nx86_64:\ndhclient-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-common-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-libs-4.2.5-83.el7_9.1.i686.rpm\ndhcp-libs-4.2.5-83.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\ndhcp-debuginfo-4.2.5-83.el7_9.1.i686.rpm\ndhcp-debuginfo-4.2.5-83.el7_9.1.x86_64.rpm\ndhcp-devel-4.2.5-83.el7_9.1.i686.rpm\ndhcp-devel-4.2.5-83.el7_9.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-25217\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYMCeytzjgjWX9erEAQgPYw/+K6NTT5tvNy0WHRy46UioFuzIbxlMOPzm\nzXmk61B2Dgod7DCU3EbF9u7nSViaQds11pDCrTejH70WrqNQSaWMhsASgtNmQ42q\n0oVWQwqyB8mP/73BwYJQ84eZDGwsyqQf/9MO96g4c0jlZOAu9vSxvSflQ4DY8m9L\n0+pk3/zHOsUz3Za7Ns/1wa8pmq3hxAt0z6Z6ri0Ka8CEHg7W7ELGC67ih1BOcpP5\nmdWOSfTW+F1EzmerDW0eom09R/Ndfo/FdGeCbEq1K6kvcrPy4e/tsyBCquPYPFar\naTADxJPMObDTY0dJhqw1qZ5cERLnhJaj8GzWc0Ne2KIAFig/NcVhEZL8RtvrNWhO\nJIaVZ7zK6bi1VASVVIAP8yQzwdZFEbfMREOa705gMvXMz1Ux08YvsbrelD/LeJXe\n45C2+zGvM7KDd/AlrhopZPbBJI07tbNe8qWzFggJtBTMVg28i5K7DjFjvASFZFrV\n8nKdWae1GOEtH23fygGOoW4m0KkGWd1Tc/lte6Wy788KOa/yF3IQkWeTSo5KG33Q\nUHCzx6NzHyeAgW7K9QvvpIjfbxIAyBbebsIkhOhySjfsAp28lKkaZZRVF/sNWIvG\nGRibEMi366KUTR5AiTMAjHoYgIDzp7nywWiYBhf9SuNgqV3kG0Yz7fd1ac0+qcH5\nzPKanVJNoQs=9+pl\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202305-22\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: ISC DHCP: Multiple Vulnerabilities\n     Date: May 03, 2023\n     Bugs: #875521, #792324\n       ID: 202305-22\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been discovered in ISC DHCP, the worst of\nwhich could result in denial of service. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/dhcp              \u003c 4.4.3_p1                \u003e= 4.4.3_p1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in ISC DHCP. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll ISC DHCP users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-misc/dhcp-4.4.3_p1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2021-25217\n      https://nvd.nist.gov/vuln/detail/CVE-2021-25217\n[ 2 ] CVE-2022-2928\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2928\n[ 3 ] CVE-2022-2929\n      https://nvd.nist.gov/vuln/detail/CVE-2022-2929\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202305-22\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2023 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-25217"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-25217"
      },
      {
        "db": "PACKETSTORM",
        "id": "163789"
      },
      {
        "db": "PACKETSTORM",
        "id": "163196"
      },
      {
        "db": "PACKETSTORM",
        "id": "163155"
      },
      {
        "db": "PACKETSTORM",
        "id": "163240"
      },
      {
        "db": "PACKETSTORM",
        "id": "163400"
      },
      {
        "db": "PACKETSTORM",
        "id": "162840"
      },
      {
        "db": "PACKETSTORM",
        "id": "162841"
      },
      {
        "db": "PACKETSTORM",
        "id": "163129"
      },
      {
        "db": "PACKETSTORM",
        "id": "163137"
      },
      {
        "db": "PACKETSTORM",
        "id": "163051"
      },
      {
        "db": "PACKETSTORM",
        "id": "163052"
      },
      {
        "db": "PACKETSTORM",
        "id": "172130"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-25217",
        "trust": 2.3
      },
      {
        "db": "SIEMENS",
        "id": "SSA-637483",
        "trust": 1.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-406691",
        "trust": 1.1
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2021/05/26/6",
        "trust": 1.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-258-05",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-25217",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163789",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163196",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163155",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163240",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163400",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162840",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "162841",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163129",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163137",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163051",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "163052",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "172130",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-25217"
      },
      {
        "db": "PACKETSTORM",
        "id": "163789"
      },
      {
        "db": "PACKETSTORM",
        "id": "163196"
      },
      {
        "db": "PACKETSTORM",
        "id": "163155"
      },
      {
        "db": "PACKETSTORM",
        "id": "163240"
      },
      {
        "db": "PACKETSTORM",
        "id": "163400"
      },
      {
        "db": "PACKETSTORM",
        "id": "162840"
      },
      {
        "db": "PACKETSTORM",
        "id": "162841"
      },
      {
        "db": "PACKETSTORM",
        "id": "163129"
      },
      {
        "db": "PACKETSTORM",
        "id": "163137"
      },
      {
        "db": "PACKETSTORM",
        "id": "163051"
      },
      {
        "db": "PACKETSTORM",
        "id": "163052"
      },
      {
        "db": "PACKETSTORM",
        "id": "172130"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-25217"
      }
    ]
  },
  "id": "VAR-202105-1325",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.366531175
  },
  "last_update_date": "2024-11-29T21:52:01.308000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Debian CVElist Bug Report Logs: isc-dhcp: CVE-2021-25217: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=b55bb445f71f0d88702845d3582e2b5c"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2021-1510",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1510"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2021-1654",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1654"
      },
      {
        "title": "Red Hat: CVE-2021-25217",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-25217"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-25217 log"
      },
      {
        "title": "Palo Alto Networks Security Advisory: PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=34f98e4f4344c97599fe2d33618956a7"
      },
      {
        "title": "Completion for lacework",
        "trust": 0.1,
        "url": "https://github.com/fbreton/lacework "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-25217"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-25217"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/202305-22"
      },
      {
        "trust": 1.1,
        "url": "https://kb.isc.org/docs/cve-2021-25217"
      },
      {
        "trust": 1.1,
        "url": "http://www.openwall.com/lists/oss-security/2021/05/26/6"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00002.html"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-406691.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://security.netapp.com/advisory/ntap-20220325-0011/"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/z2lb42jwiv4m4wdnxx5vgip26feywkif/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5qi4dyc7j4bghew3nh4xhmwthyc36uk4/"
      },
      {
        "trust": 1.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25217"
      },
      {
        "trust": 0.9,
        "url": "https://access.redhat.com/security/cve/cve-2021-25217"
      },
      {
        "trust": 0.9,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.9,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.9,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.8,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-27219"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2021-3560"
      },
      {
        "trust": 0.2,
        "url": "https://ubuntu.com/security/notices/usn-4969-1"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989157"
      },
      {
        "trust": 0.1,
        "url": "https://alas.aws.amazon.com/alas-2021-1510.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-258-05"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25039"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14347"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14346"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8286"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28196"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15358"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25712"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23240"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12364"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3520"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9951"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13434"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25037"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23239"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-36242"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25037"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3537"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12363"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8231"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33909"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3518"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-32399"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-29362"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9948"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13012"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28935"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3516"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-14502"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25034"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8285"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25035"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-9169"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26116"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14363"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25038"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14345"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13584"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26137"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13543"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14360"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25040"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13584"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-29361"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3517"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25042"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20201"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25042"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12362"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25038"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25659"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3541"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25032"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25041"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:3119"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25036"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25032"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27619"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20271"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-25215"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9983"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3326"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25036"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14344"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25013"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25035"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-2708"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14345"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14344"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-23336"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14362"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14361"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8927"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12363"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-29363"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3114"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-28211"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25039"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13012"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14346"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-25040"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12364"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-10228"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25041"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8284"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-33910"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25034"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27618"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2469"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2420"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24489"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/2974891"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24489"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2519"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3560"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2554"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2555"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster"
      },
      {
        "trust": 0.1,
        "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/isc-dhcp/4.3.5-3ubuntu7.3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/isc-dhcp/4.4.1-2.1ubuntu5.20.04.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/isc-dhcp/4.4.1-2.2ubuntu6.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/isc-dhcp/4.4.1-2.1ubuntu10.1"
      },
      {
        "trust": 0.1,
        "url": "https://ubuntu.com/security/notices/usn-4969-2"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2405"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2418"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2357"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:2359"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2929"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-2928"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-25217"
      },
      {
        "db": "PACKETSTORM",
        "id": "163789"
      },
      {
        "db": "PACKETSTORM",
        "id": "163196"
      },
      {
        "db": "PACKETSTORM",
        "id": "163155"
      },
      {
        "db": "PACKETSTORM",
        "id": "163240"
      },
      {
        "db": "PACKETSTORM",
        "id": "163400"
      },
      {
        "db": "PACKETSTORM",
        "id": "162840"
      },
      {
        "db": "PACKETSTORM",
        "id": "162841"
      },
      {
        "db": "PACKETSTORM",
        "id": "163129"
      },
      {
        "db": "PACKETSTORM",
        "id": "163137"
      },
      {
        "db": "PACKETSTORM",
        "id": "163051"
      },
      {
        "db": "PACKETSTORM",
        "id": "163052"
      },
      {
        "db": "PACKETSTORM",
        "id": "172130"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-25217"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2021-25217"
      },
      {
        "db": "PACKETSTORM",
        "id": "163789"
      },
      {
        "db": "PACKETSTORM",
        "id": "163196"
      },
      {
        "db": "PACKETSTORM",
        "id": "163155"
      },
      {
        "db": "PACKETSTORM",
        "id": "163240"
      },
      {
        "db": "PACKETSTORM",
        "id": "163400"
      },
      {
        "db": "PACKETSTORM",
        "id": "162840"
      },
      {
        "db": "PACKETSTORM",
        "id": "162841"
      },
      {
        "db": "PACKETSTORM",
        "id": "163129"
      },
      {
        "db": "PACKETSTORM",
        "id": "163137"
      },
      {
        "db": "PACKETSTORM",
        "id": "163051"
      },
      {
        "db": "PACKETSTORM",
        "id": "163052"
      },
      {
        "db": "PACKETSTORM",
        "id": "172130"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-25217"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-05-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-25217"
      },
      {
        "date": "2021-08-11T16:15:17",
        "db": "PACKETSTORM",
        "id": "163789"
      },
      {
        "date": "2021-06-17T18:09:00",
        "db": "PACKETSTORM",
        "id": "163196"
      },
      {
        "date": "2021-06-15T15:18:36",
        "db": "PACKETSTORM",
        "id": "163155"
      },
      {
        "date": "2021-06-22T19:32:24",
        "db": "PACKETSTORM",
        "id": "163240"
      },
      {
        "date": "2021-07-06T15:19:09",
        "db": "PACKETSTORM",
        "id": "163400"
      },
      {
        "date": "2021-05-27T13:30:32",
        "db": "PACKETSTORM",
        "id": "162840"
      },
      {
        "date": "2021-05-27T13:30:42",
        "db": "PACKETSTORM",
        "id": "162841"
      },
      {
        "date": "2021-06-14T15:49:07",
        "db": "PACKETSTORM",
        "id": "163129"
      },
      {
        "date": "2021-06-15T14:41:42",
        "db": "PACKETSTORM",
        "id": "163137"
      },
      {
        "date": "2021-06-09T13:43:37",
        "db": "PACKETSTORM",
        "id": "163051"
      },
      {
        "date": "2021-06-09T13:43:47",
        "db": "PACKETSTORM",
        "id": "163052"
      },
      {
        "date": "2023-05-03T15:37:18",
        "db": "PACKETSTORM",
        "id": "172130"
      },
      {
        "date": "2021-05-26T22:15:07.947000",
        "db": "NVD",
        "id": "CVE-2021-25217"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-25217"
      },
      {
        "date": "2023-11-07T03:31:24.893000",
        "db": "NVD",
        "id": "CVE-2021-25217"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "162840"
      },
      {
        "db": "PACKETSTORM",
        "id": "162841"
      }
    ],
    "trust": 0.2
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat Security Advisory 2021-3119-01",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "163789"
      }
    ],
    "trust": 0.1
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "overflow",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "163196"
      },
      {
        "db": "PACKETSTORM",
        "id": "163155"
      },
      {
        "db": "PACKETSTORM",
        "id": "163240"
      },
      {
        "db": "PACKETSTORM",
        "id": "163400"
      },
      {
        "db": "PACKETSTORM",
        "id": "163129"
      },
      {
        "db": "PACKETSTORM",
        "id": "163137"
      },
      {
        "db": "PACKETSTORM",
        "id": "163051"
      },
      {
        "db": "PACKETSTORM",
        "id": "163052"
      }
    ],
    "trust": 0.8
  }
}

var-202307-0588
Vulnerability from variot

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The software-upgrade Url parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments.

Siemens RUGGEDCOM ROX has a command injection vulnerability. The vulnerability stems from the lack of server-side input validation

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0588",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60611"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021735"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36750"
      }
    ]
  },
  "cve": "CVE-2023-36750",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2023-60611",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "id": "CVE-2023-36750",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "productcert@siemens.com",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.3,
            "id": "CVE-2023-36750",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.2,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2023-36750",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-36750",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2023-36750",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-36750",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2023-60611",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202307-736",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60611"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021735"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-736"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36750"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36750"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The software-upgrade Url parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments. \n\r\n\r\nSiemens RUGGEDCOM ROX has a command injection vulnerability. The vulnerability stems from the lack of server-side input validation",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-36750"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021735"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-60611"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36750"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-36750",
        "trust": 3.9
      },
      {
        "db": "SIEMENS",
        "id": "SSA-146325",
        "trust": 3.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-194-01",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95292697",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021735",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-60611",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-736",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36750",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60611"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36750"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021735"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-736"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36750"
      }
    ]
  },
  "id": "VAR-202307-0588",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60611"
      }
    ],
    "trust": 1.17411168
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60611"
      }
    ]
  },
  "last_update_date": "2024-08-14T12:28:23.431000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Siemens RUGGEDCOM ROX Command Injection Vulnerability (CNVD-2023-60611)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/449061"
      },
      {
        "title": "Siemens RUGGEDCOM ROX A series of products Fixes for command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=246659"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60611"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-736"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-77",
        "trust": 1.0
      },
      {
        "problemtype": "Command injection (CWE-77) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021735"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36750"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95292697/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36750"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01"
      },
      {
        "trust": 0.6,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2023-36750/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60611"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36750"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021735"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-736"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36750"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60611"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36750"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021735"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-736"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36750"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-60611"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-36750"
      },
      {
        "date": "2024-01-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-021735"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-736"
      },
      {
        "date": "2023-07-11T10:15:11.170000",
        "db": "NVD",
        "id": "CVE-2023-36750"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-60611"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-36750"
      },
      {
        "date": "2024-01-19T08:07:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-021735"
      },
      {
        "date": "2023-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-736"
      },
      {
        "date": "2023-07-18T18:28:19.370000",
        "db": "NVD",
        "id": "CVE-2023-36750"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-736"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Command injection vulnerability in multiple Siemens products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021735"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "command injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-736"
      }
    ],
    "trust": 0.6
  }
}

var-202109-1214
Vulnerability from variot

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices have a privilege escalation vulnerability, if exploited, an attacker could gain root user access. Multiple Siemens products contain unnecessary privileged execution vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a certain degree of reliability and set the standard for communication networks deployed in harsh environments. RUGGEDCOM RX1400 is a multi-protocol smart node that combines Ethernet switching, routing and application hosting functions with various wide-area connectivity options.

Siemens RUGGEDCOM ROX has a privilege escalation vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202109-1214",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71419"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011720"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37174"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Michael Messner from Siemens Energy reported these vulnerabilities to Siemens.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-811"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2021-37174",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2021-37174",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2021-71419",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2021-37174",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-37174",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-37174",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-37174",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-71419",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202109-811",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-37174",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71419"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37174"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011720"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-811"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37174"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.14.1). The affected devices have a privilege escalation vulnerability, if exploited, an attacker could gain root user access. Multiple Siemens products contain unnecessary privileged execution vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a certain degree of reliability and set the standard for communication networks deployed in harsh environments. RUGGEDCOM RX1400 is a multi-protocol smart node that combines Ethernet switching, routing and application hosting functions with various wide-area connectivity options. \n\r\n\r\nSiemens RUGGEDCOM ROX has a privilege escalation vulnerability. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-37174"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011720"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-71419"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37174"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-37174",
        "trust": 3.9
      },
      {
        "db": "SIEMENS",
        "id": "SSA-150692",
        "trust": 2.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011720",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-71419",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3140",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-259-01",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021091703",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-811",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37174",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71419"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37174"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011720"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-811"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37174"
      }
    ]
  },
  "id": "VAR-202109-1214",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71419"
      }
    ],
    "trust": 1.12540106
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71419"
      }
    ]
  },
  "last_update_date": "2024-08-14T13:07:17.525000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-150692",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf"
      },
      {
        "title": "Patch for Siemens RUGGEDCOM ROX Privilege Escalation Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/290836"
      },
      {
        "title": "Siemens RUGGEDCOM Remediation measures for authorization problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=163037"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=93a87ed46de57a6f27b2f3f9a3698e0c"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71419"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37174"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011720"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-811"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-250",
        "trust": 1.0
      },
      {
        "problemtype": "Execution with unnecessary privileges (CWE-250) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011720"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37174"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37174"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-259-01"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ruggedcom-rox-three-vulnerabilities-36396"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021091703"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3140"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/250.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-150692.txt"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71419"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37174"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011720"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-811"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37174"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71419"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37174"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011720"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-811"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37174"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-71419"
      },
      {
        "date": "2021-09-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-37174"
      },
      {
        "date": "2022-08-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-011720"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-09-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202109-811"
      },
      {
        "date": "2021-09-14T11:15:25.273000",
        "db": "NVD",
        "id": "CVE-2021-37174"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-71419"
      },
      {
        "date": "2021-09-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-37174"
      },
      {
        "date": "2022-08-09T06:52:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-011720"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-09-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202109-811"
      },
      {
        "date": "2021-09-23T18:15:20.810000",
        "db": "NVD",
        "id": "CVE-2021-37174"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-811"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unnecessary privileged execution vulnerability in multiple Siemens products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011720"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

var-202110-0522
Vulnerability from variot

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service. Multiple Siemens products contain vulnerabilities in resource allocation without restrictions or throttling.Service operation interruption (DoS) It may be in a state. ROX-based VPN endpoints and firewall devices are used to connect devices that operate in harsh environments, such as power facility substations and traffic control cabinets.

The Siemens RUGGEDCOM ROX device has a denial of service vulnerability

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202110-0522",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-77598"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013659"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-41546"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens reported this vulnerability to CISA.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-773"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2021-41546",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2021-41546",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2021-77598",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-41546",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-41546",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-41546",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-41546",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-77598",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202110-773",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-41546",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-77598"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-41546"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013659"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-773"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-41546"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service. Multiple Siemens products contain vulnerabilities in resource allocation without restrictions or throttling.Service operation interruption (DoS) It may be in a state. ROX-based VPN endpoints and firewall devices are used to connect devices that operate in harsh environments, such as power facility substations and traffic control cabinets. \n\r\n\r\nThe Siemens RUGGEDCOM ROX device has a denial of service vulnerability",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-41546"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013659"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-77598"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-41546"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-41546",
        "trust": 3.9
      },
      {
        "db": "SIEMENS",
        "id": "SSA-173565",
        "trust": 2.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-287-08",
        "trust": 1.4
      },
      {
        "db": "JVN",
        "id": "JVNVU95938083",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013659",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-77598",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3444",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021101506",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-773",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-41546",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-77598"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-41546"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013659"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-773"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-41546"
      }
    ]
  },
  "id": "VAR-202110-0522",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-77598"
      }
    ],
    "trust": 1.12540106
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-77598"
      }
    ]
  },
  "last_update_date": "2024-11-23T19:27:35.396000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-173565",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173565.pdf"
      },
      {
        "title": "Patch for Siemens RUGGEDCOM ROX Device Denial of Service Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/293986"
      },
      {
        "title": "Siemens Ruggedcom Rox Mx5000 Remediation of resource management error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=165887"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=31d453959f7c1086ac70d4139a81aadc"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-77598"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-41546"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013659"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-773"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-770",
        "trust": 1.0
      },
      {
        "problemtype": "Allocation of resources without limits or throttling (CWE-770) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013659"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-41546"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173565.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41546"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu95938083/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-08"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021101506"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-287-08"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3444"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ruggedcom-rox-denial-of-service-via-crashdump-files-36635"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/400.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-173565.txt"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-77598"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-41546"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013659"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-773"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-41546"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-77598"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-41546"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013659"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-773"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-41546"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-10-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-77598"
      },
      {
        "date": "2021-10-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-41546"
      },
      {
        "date": "2022-09-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-013659"
      },
      {
        "date": "2021-10-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202110-773"
      },
      {
        "date": "2021-10-12T10:15:12.710000",
        "db": "NVD",
        "id": "CVE-2021-41546"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-01-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-77598"
      },
      {
        "date": "2021-10-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-41546"
      },
      {
        "date": "2022-09-21T02:56:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-013659"
      },
      {
        "date": "2022-08-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202110-773"
      },
      {
        "date": "2024-11-21T06:26:23.577000",
        "db": "NVD",
        "id": "CVE-2021-41546"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-773"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vulnerability in limiting or non-slotting resource allocation in multiple Siemens products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013659"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202110-773"
      }
    ],
    "trust": 0.6
  }
}

var-202307-0586
Vulnerability from variot

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). Affected devices do not properly handle malformed HTTP packets. This could allow an unauthenticated remote attacker to send a malformed HTTP packet causing certain functions to fail in a controlled manner. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0586",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55712"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-024814"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29562"
      }
    ]
  },
  "cve": "CVE-2022-29562",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.6,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 4.9,
            "id": "CNVD-2023-55712",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2022-29562",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "productcert@siemens.com",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.2,
            "id": "CVE-2022-29562",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2022-29562",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-29562",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2022-29562",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-29562",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2023-55712",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202307-749",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55712"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-024814"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-749"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29562"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29562"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). Affected devices do not properly handle malformed HTTP packets. This could allow an unauthenticated remote attacker to send a malformed HTTP packet causing certain functions to fail in a controlled manner. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-29562"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-024814"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-55712"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-29562"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-29562",
        "trust": 3.9
      },
      {
        "db": "SIEMENS",
        "id": "SSA-146325",
        "trust": 3.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-194-01",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95292697",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-024814",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-55712",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-749",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-29562",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55712"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-29562"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-024814"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-749"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29562"
      }
    ]
  },
  "id": "VAR-202307-0586",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55712"
      }
    ],
    "trust": 1.17411168
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55712"
      }
    ]
  },
  "last_update_date": "2024-08-14T12:19:39.668000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Siemens RUGGEDCOM ROX Input Validation Error Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/440286"
      },
      {
        "title": "Siemens RUGGEDCOM ROX Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=246668"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55712"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-749"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-024814"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29562"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29562"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95292697/"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01"
      },
      {
        "trust": 0.6,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-29562/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55712"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-29562"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-024814"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-749"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29562"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55712"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-29562"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-024814"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-749"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29562"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-07-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-55712"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-29562"
      },
      {
        "date": "2024-01-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-024814"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-749"
      },
      {
        "date": "2023-07-11T10:15:10.043000",
        "db": "NVD",
        "id": "CVE-2022-29562"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-07-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-55712"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-29562"
      },
      {
        "date": "2024-01-19T08:14:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-024814"
      },
      {
        "date": "2023-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-749"
      },
      {
        "date": "2023-07-18T16:16:33.860000",
        "db": "NVD",
        "id": "CVE-2022-29562"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-749"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens RUGGEDCOM ROX Input Validation Error Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55712"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-749"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-749"
      }
    ],
    "trust": 0.6
  }
}

var-202307-0592
Vulnerability from variot

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The malformed value is reflected directly in the response without sanitization while throwing an “invalid path” error. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0592",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55710"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021750"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36389"
      }
    ]
  },
  "cve": "CVE-2023-36389",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2023-55710",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-36389",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "productcert@siemens.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-36389",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2023-36389",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-36389",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2023-36389",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-36389",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2023-55710",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202307-742",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55710"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021750"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-742"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36389"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36389"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link.  The malformed value is reflected\r\ndirectly in the response without sanitization while throwing an \u201cinvalid path\u201d error. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-36389"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021750"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-55710"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36389"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-36389",
        "trust": 3.9
      },
      {
        "db": "SIEMENS",
        "id": "SSA-146325",
        "trust": 3.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-194-01",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95292697",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021750",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-55710",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-742",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36389",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55710"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36389"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021750"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-742"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36389"
      }
    ]
  },
  "id": "VAR-202307-0592",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55710"
      }
    ],
    "trust": 1.17411168
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55710"
      }
    ]
  },
  "last_update_date": "2024-08-14T12:41:12.639000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Siemens RUGGEDCOM ROX cross-site scripting vulnerability (CNVD-2023-55710)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/440306"
      },
      {
        "title": "Siemens RUGGEDCOM ROX Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=246664"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-742"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.0
      },
      {
        "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021750"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36389"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95292697/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36389"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01"
      },
      {
        "trust": 0.6,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2023-36389/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55710"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36389"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021750"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-742"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36389"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55710"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36389"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021750"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-742"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36389"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-07-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-55710"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-36389"
      },
      {
        "date": "2024-01-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-021750"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-742"
      },
      {
        "date": "2023-07-11T10:15:10.760000",
        "db": "NVD",
        "id": "CVE-2023-36389"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-07-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-55710"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-36389"
      },
      {
        "date": "2024-01-19T08:08:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-021750"
      },
      {
        "date": "2023-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-742"
      },
      {
        "date": "2023-07-18T16:35:46.253000",
        "db": "NVD",
        "id": "CVE-2023-36389"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-742"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting vulnerability in multiple Siemens products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021750"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-742"
      }
    ],
    "trust": 0.6
  }
}

var-202307-0590
Vulnerability from variot

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP CA Certificate Name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0590",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60606"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021730"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36755"
      }
    ]
  },
  "cve": "CVE-2023-36755",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2023-60606",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "id": "CVE-2023-36755",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "productcert@siemens.com",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.3,
            "id": "CVE-2023-36755",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.2,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2023-36755",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-36755",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2023-36755",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-36755",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2023-60606",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202307-731",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60606"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021730"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-731"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36755"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36755"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The SCEP CA Certificate Name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-36755"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021730"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-60606"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36755"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-36755",
        "trust": 3.9
      },
      {
        "db": "SIEMENS",
        "id": "SSA-146325",
        "trust": 3.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-194-01",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95292697",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021730",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-60606",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-731",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36755",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60606"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36755"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021730"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-731"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36755"
      }
    ]
  },
  "id": "VAR-202307-0590",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60606"
      }
    ],
    "trust": 1.17411168
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60606"
      }
    ]
  },
  "last_update_date": "2024-08-14T12:42:49.360000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Siemens RUGGEDCOM ROX Command Injection Vulnerability (CNVD-2023-60606)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/449031"
      },
      {
        "title": "Siemens RUGGEDCOM ROX Fixes for command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=246654"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60606"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-731"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-77",
        "trust": 1.0
      },
      {
        "problemtype": "Command injection (CWE-77) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021730"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36755"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95292697/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36755"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01"
      },
      {
        "trust": 0.6,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2023-36755/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60606"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36755"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021730"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-731"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36755"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60606"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36755"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021730"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-731"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36755"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-60606"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-36755"
      },
      {
        "date": "2024-01-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-021730"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-731"
      },
      {
        "date": "2023-07-11T10:15:11.490000",
        "db": "NVD",
        "id": "CVE-2023-36755"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-60606"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-36755"
      },
      {
        "date": "2024-01-19T08:07:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-021730"
      },
      {
        "date": "2023-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-731"
      },
      {
        "date": "2023-07-18T15:41:50.873000",
        "db": "NVD",
        "id": "CVE-2023-36755"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-731"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Command injection vulnerability in multiple Siemens products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021730"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "command injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-731"
      }
    ],
    "trust": 0.6
  }
}

var-202010-1059
Vulnerability from variot

In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service. Attackers can exploit this issue to crash the application, resulting in a denial-of-service condition. Mozilla Network Security Services versions prior to 3.41.1 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: nss and nspr security, bug fix, and enhancement update Advisory ID: RHSA-2019:1951-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:1951 Issue date: 2019-07-30 CVE Names: CVE-2018-18508 CVE-2019-11719 CVE-2019-11727 CVE-2019-11729 ==================================================================== 1. Summary:

An update for nss and nspr is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

  1. Description:

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

The following packages have been upgraded to a later upstream version: nss (3.44.0), nspr (4.21.0). (BZ#1713187, BZ#1713188)

Security Fix(es):

  • nss: NULL pointer dereference in several CMS functions resulting in a denial of service (CVE-2018-18508)

  • nss: Out-of-bounds read when importing curve25519 private key (CVE-2019-11719)

  • nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (CVE-2019-11729)

  • nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 (CVE-2019-11727)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • PQG verify fails when create DSA PQG parameters because the counts aren't returned correctly. (BZ#1685325)

  • zeroization of AES context missing (BZ#1719629)

  • RSA Pairwise consistency test (BZ#1719630)

  • FIPS updated for nss-softoken POST (BZ#1722373)

  • DH/ECDH key tests missing for the PG parameters (BZ#1722374)

  • NSS should implement continuous random test on it's seed data or use the kernel AF_ALG interface for random (BZ#1725059)

  • support setting supported signature algorithms in strsclnt utility (BZ#1725110)

  • certutil -F with no parameters is killed with segmentation fault message (BZ#1725115)

  • NSS: Support for IKE/IPsec typical PKIX usage so libreswan can use nss without rejecting certs based on EKU (BZ#1725116)

  • NSS should use getentropy() for seeding its RNG, not /dev/urandom. Needs update to NSS 3.37 (BZ#1725117)

  • Disable TLS 1.3 in FIPS mode (BZ#1725773)

  • Wrong alert sent when client uses PKCS#1 signatures in TLS 1.3 (BZ#1728259)

  • x25519 allowed in FIPS mode (BZ#1728260)

  • post handshake authentication with selfserv does not work if SSL_ENABLE_SESSION_TICKETS is set (BZ#1728261)

Enhancement(s):

  • Move IKEv1 and IKEv2 KDF's from libreswan to nss-softkn (BZ#1719628)

  • Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, applications using NSS or NSPR (for example, Firefox) must be restarted for this update to take effect.

  1. 1719629 - zeroization of AES context missing [rhel-8.0.0.z] 1719630 - RSA Pairwise consistency test [rhel-8.0.0.z] 1722373 - FIPS updated for nss-softoken POST [rhel-8.0.0.z] 1722374 - DH/ECDH key tests missing for the PG parameters [rhel-8.0.0.z] 1725059 - NSS should implement continuous random test on it's seed data or use the kernel AF_ALG interface for random [rhel-8.0.0.z] 1725110 - support setting supported signature algorithms in strsclnt utility [rhel-8.0.0.z] 1725115 - certutil -F with no parameters is killed with segmentation fault message [rhel-8.0.0.z] 1725116 - NSS: Support for IKE/IPsec typical PKIX usage so libreswan can use nss without rejecting certs based on EKU [rhel-8.0.0.z] 1728259 - Wrong alert sent when client uses PKCS#1 signatures in TLS 1.3 [rhel-8.0.0.z] 1728260 - x25519 allowed in FIPS mode [rhel-8.0.0.z] 1728261 - post handshake authentication with selfserv does not work if SSL_ENABLE_SESSION_TICKETS is set [rhel-8.0.0.z] 1728436 - CVE-2019-11719 nss: Out-of-bounds read when importing curve25519 private key 1728437 - CVE-2019-11729 nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault 1730988 - CVE-2019-11727 nss: PKCS#1 v1.5 signatures can be used for TLS 1.3

  2. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source: nspr-4.21.0-2.el8_0.src.rpm nss-3.44.0-7.el8_0.src.rpm

aarch64: nspr-4.21.0-2.el8_0.aarch64.rpm nspr-debuginfo-4.21.0-2.el8_0.aarch64.rpm nspr-debugsource-4.21.0-2.el8_0.aarch64.rpm nspr-devel-4.21.0-2.el8_0.aarch64.rpm nss-3.44.0-7.el8_0.aarch64.rpm nss-debuginfo-3.44.0-7.el8_0.aarch64.rpm nss-debugsource-3.44.0-7.el8_0.aarch64.rpm nss-devel-3.44.0-7.el8_0.aarch64.rpm nss-softokn-3.44.0-7.el8_0.aarch64.rpm nss-softokn-debuginfo-3.44.0-7.el8_0.aarch64.rpm nss-softokn-devel-3.44.0-7.el8_0.aarch64.rpm nss-softokn-freebl-3.44.0-7.el8_0.aarch64.rpm nss-softokn-freebl-debuginfo-3.44.0-7.el8_0.aarch64.rpm nss-softokn-freebl-devel-3.44.0-7.el8_0.aarch64.rpm nss-sysinit-3.44.0-7.el8_0.aarch64.rpm nss-sysinit-debuginfo-3.44.0-7.el8_0.aarch64.rpm nss-tools-3.44.0-7.el8_0.aarch64.rpm nss-tools-debuginfo-3.44.0-7.el8_0.aarch64.rpm nss-util-3.44.0-7.el8_0.aarch64.rpm nss-util-debuginfo-3.44.0-7.el8_0.aarch64.rpm nss-util-devel-3.44.0-7.el8_0.aarch64.rpm

ppc64le: nspr-4.21.0-2.el8_0.ppc64le.rpm nspr-debuginfo-4.21.0-2.el8_0.ppc64le.rpm nspr-debugsource-4.21.0-2.el8_0.ppc64le.rpm nspr-devel-4.21.0-2.el8_0.ppc64le.rpm nss-3.44.0-7.el8_0.ppc64le.rpm nss-debuginfo-3.44.0-7.el8_0.ppc64le.rpm nss-debugsource-3.44.0-7.el8_0.ppc64le.rpm nss-devel-3.44.0-7.el8_0.ppc64le.rpm nss-softokn-3.44.0-7.el8_0.ppc64le.rpm nss-softokn-debuginfo-3.44.0-7.el8_0.ppc64le.rpm nss-softokn-devel-3.44.0-7.el8_0.ppc64le.rpm nss-softokn-freebl-3.44.0-7.el8_0.ppc64le.rpm nss-softokn-freebl-debuginfo-3.44.0-7.el8_0.ppc64le.rpm nss-softokn-freebl-devel-3.44.0-7.el8_0.ppc64le.rpm nss-sysinit-3.44.0-7.el8_0.ppc64le.rpm nss-sysinit-debuginfo-3.44.0-7.el8_0.ppc64le.rpm nss-tools-3.44.0-7.el8_0.ppc64le.rpm nss-tools-debuginfo-3.44.0-7.el8_0.ppc64le.rpm nss-util-3.44.0-7.el8_0.ppc64le.rpm nss-util-debuginfo-3.44.0-7.el8_0.ppc64le.rpm nss-util-devel-3.44.0-7.el8_0.ppc64le.rpm

s390x: nspr-4.21.0-2.el8_0.s390x.rpm nspr-debuginfo-4.21.0-2.el8_0.s390x.rpm nspr-debugsource-4.21.0-2.el8_0.s390x.rpm nspr-devel-4.21.0-2.el8_0.s390x.rpm nss-3.44.0-7.el8_0.s390x.rpm nss-debuginfo-3.44.0-7.el8_0.s390x.rpm nss-debugsource-3.44.0-7.el8_0.s390x.rpm nss-devel-3.44.0-7.el8_0.s390x.rpm nss-softokn-3.44.0-7.el8_0.s390x.rpm nss-softokn-debuginfo-3.44.0-7.el8_0.s390x.rpm nss-softokn-devel-3.44.0-7.el8_0.s390x.rpm nss-softokn-freebl-3.44.0-7.el8_0.s390x.rpm nss-softokn-freebl-debuginfo-3.44.0-7.el8_0.s390x.rpm nss-softokn-freebl-devel-3.44.0-7.el8_0.s390x.rpm nss-sysinit-3.44.0-7.el8_0.s390x.rpm nss-sysinit-debuginfo-3.44.0-7.el8_0.s390x.rpm nss-tools-3.44.0-7.el8_0.s390x.rpm nss-tools-debuginfo-3.44.0-7.el8_0.s390x.rpm nss-util-3.44.0-7.el8_0.s390x.rpm nss-util-debuginfo-3.44.0-7.el8_0.s390x.rpm nss-util-devel-3.44.0-7.el8_0.s390x.rpm

x86_64: nspr-4.21.0-2.el8_0.i686.rpm nspr-4.21.0-2.el8_0.x86_64.rpm nspr-debuginfo-4.21.0-2.el8_0.i686.rpm nspr-debuginfo-4.21.0-2.el8_0.x86_64.rpm nspr-debugsource-4.21.0-2.el8_0.i686.rpm nspr-debugsource-4.21.0-2.el8_0.x86_64.rpm nspr-devel-4.21.0-2.el8_0.i686.rpm nspr-devel-4.21.0-2.el8_0.x86_64.rpm nss-3.44.0-7.el8_0.i686.rpm nss-3.44.0-7.el8_0.x86_64.rpm nss-debuginfo-3.44.0-7.el8_0.i686.rpm nss-debuginfo-3.44.0-7.el8_0.x86_64.rpm nss-debugsource-3.44.0-7.el8_0.i686.rpm nss-debugsource-3.44.0-7.el8_0.x86_64.rpm nss-devel-3.44.0-7.el8_0.i686.rpm nss-devel-3.44.0-7.el8_0.x86_64.rpm nss-softokn-3.44.0-7.el8_0.i686.rpm nss-softokn-3.44.0-7.el8_0.x86_64.rpm nss-softokn-debuginfo-3.44.0-7.el8_0.i686.rpm nss-softokn-debuginfo-3.44.0-7.el8_0.x86_64.rpm nss-softokn-devel-3.44.0-7.el8_0.i686.rpm nss-softokn-devel-3.44.0-7.el8_0.x86_64.rpm nss-softokn-freebl-3.44.0-7.el8_0.i686.rpm nss-softokn-freebl-3.44.0-7.el8_0.x86_64.rpm nss-softokn-freebl-debuginfo-3.44.0-7.el8_0.i686.rpm nss-softokn-freebl-debuginfo-3.44.0-7.el8_0.x86_64.rpm nss-softokn-freebl-devel-3.44.0-7.el8_0.i686.rpm nss-softokn-freebl-devel-3.44.0-7.el8_0.x86_64.rpm nss-sysinit-3.44.0-7.el8_0.x86_64.rpm nss-sysinit-debuginfo-3.44.0-7.el8_0.i686.rpm nss-sysinit-debuginfo-3.44.0-7.el8_0.x86_64.rpm nss-tools-3.44.0-7.el8_0.x86_64.rpm nss-tools-debuginfo-3.44.0-7.el8_0.i686.rpm nss-tools-debuginfo-3.44.0-7.el8_0.x86_64.rpm nss-util-3.44.0-7.el8_0.i686.rpm nss-util-3.44.0-7.el8_0.x86_64.rpm nss-util-debuginfo-3.44.0-7.el8_0.i686.rpm nss-util-debuginfo-3.44.0-7.el8_0.x86_64.rpm nss-util-devel-3.44.0-7.el8_0.i686.rpm nss-util-devel-3.44.0-7.el8_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2018-18508 https://access.redhat.com/security/cve/CVE-2019-11719 https://access.redhat.com/security/cve/CVE-2019-11727 https://access.redhat.com/security/cve/CVE-2019-11729 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXUCfq9zjgjWX9erEAQjjQA/9HhUp+Cnfdn35f1x4Kj0gKkph2oaC9cEd QQu1wSlb6s/PjWx0dQUv0rAv4g/rhKfg2o0E1JgfkSPXeqtXVNKgGjC61VAXepnN kFRxD+Tbcf7+0XFuTk0wtKEaHs6Y6sBVpfV2V6EjHJJslRGCXSe9gh6Q/LXLzeOw Gk5g+6RuKlQ7K2xSeVE/V6jItXAXx6DRpFMPpUMQne1c4rCIsh1iW5n20Si2ftu9 dHDw8C0vNUm7Mdos+lZ+NbnagnEFiwmEcFsDXKFFE/TkU54io4rXJjslNNtUFUc4 1e4I8OVsrVvhLKRxcYSBpVT3HjUYwrwAMnK5oEDdvOnJMgq1ndq47ZcGsRpC4vC2 1+fahlwiEXHZmL/9/1Dx4ldsRVqVpjkMQu9YwPmHpGIukru4ZatZPmTnRO2tZ90C p26RCE31I+7tKLY7I0xSZWjYo7NpIRhwa54zeK3zGkvOfKUgXdcmmkCXhve1KHse FMSPXrTbfaKSYzTVwQLKYeOmMK1/kC6wKpcXVRl/InkCh1I1mgbJoX/XXLLjmiD9 HgxRo3YVpl/Yi8V9Gv432lXTpgYDorJwUV6tt29cRwldSKAv53JDk+gt6B9ELyKW 5HbVUbK3zi264QBEmTKHOH58j9Q+4juW/O8pnKVbI4a3w+sMxP0Sllmka98UPK3M soGsMntiCX0=fQiK -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-37


                                       https://security.gentoo.org/

Severity: Normal Title: Mozilla Network Security Service: Multiple vulnerabilities Date: March 16, 2020 Bugs: #627534, #676868, #701840 ID: 202003-37


Synopsis

Multiple vulnerabilities have been found in Mozilla Network Security Service (NSS), the worst of which may lead to arbitrary code execution.

Background

The Mozilla Network Security Service (NSS) is a library implementing security features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME and X.509 certificates. Please review the CVE identifiers referenced below for details.

Impact

An attacker could execute arbitrary code, cause a Denial of Service condition or have other unspecified impact.

Workaround

There is no known workaround at this time.

Resolution

All Mozilla Network Security Service (NSS) users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.49"

References

[ 1 ] CVE-2017-11695 https://nvd.nist.gov/vuln/detail/CVE-2017-11695 [ 2 ] CVE-2017-11696 https://nvd.nist.gov/vuln/detail/CVE-2017-11696 [ 3 ] CVE-2017-11697 https://nvd.nist.gov/vuln/detail/CVE-2017-11697 [ 4 ] CVE-2017-11698 https://nvd.nist.gov/vuln/detail/CVE-2017-11698 [ 5 ] CVE-2018-18508 https://nvd.nist.gov/vuln/detail/CVE-2018-18508 [ 6 ] CVE-2019-11745 https://nvd.nist.gov/vuln/detail/CVE-2019-11745

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202003-37

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-3898-2 February 27, 2019

nss vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 12.04 ESM

Summary:

NSS could be made to crash if it received specially crafted network traffic. This update provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

Hanno BAPck and Damian Poddebniak discovered that NSS incorrectly handled certain CMS functions

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202010-1059",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "network security services",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "mozilla",
        "version": "3.41"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "network security services",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mozilla",
        "version": "3.41.1"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "network security services",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mozilla",
        "version": "3.36.7"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "network security services",
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "18.10"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "18.04"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "16.04"
      },
      {
        "model": "linux lts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "14.04"
      },
      {
        "model": "linux esm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "12.04"
      },
      {
        "model": "virtualization",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "6"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.40.1"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.37.1"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.36.5"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.28.4"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.28"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.21.4"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.21.1"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.20.2"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.20.1"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.19.1"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.17.3"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.17.1"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.15.4"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.15.3"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.15.2"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.15.1"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.14.5"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.14.4"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.12.10"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.12.8"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.12.5"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.12.4"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.12.3"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.12.2"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.12.1"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.11.3"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.9.2"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.9"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.8"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.7.7"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.7.5"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.7.3"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.7.2"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.7.1"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.7"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6.1"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.6"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.5"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.4.2"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.4.1"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.4"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.3.2"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.3.1"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.3"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.2.1"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.2"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.41"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.40"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.39"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.38"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.37"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.36"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.24.0"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.23"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.21"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.20"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.19.2.3"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.17"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.16.5"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.16.2.1"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.16"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.15.5"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.15.3.1"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.15"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.14.3"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.14.2"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.14.1"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.14"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.13.4"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.13.3"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.12.9"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.12.7"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.12.6"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.12.3.2"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.12.3.1"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.12.11"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.12"
      },
      {
        "model": "network security services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.11"
      },
      {
        "model": "network security services",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mozilla",
        "version": "3.41.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "107257"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016512"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-18508"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ubuntu,Red Hat,Gentoo",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-594"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2018-18508",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2018-18508",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "id": "CVE-2018-18508",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2018-18508",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-18508",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-18508",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201902-594",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-18508",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-18508"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016512"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-594"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-18508"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service. \nAttackers can exploit this issue to crash the application, resulting in a denial-of-service condition. \nMozilla Network Security Services versions prior to 3.41.1 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: nss and nspr security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2019:1951-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:1951\nIssue date:        2019-07-30\nCVE Names:         CVE-2018-18508 CVE-2019-11719 CVE-2019-11727\n                   CVE-2019-11729\n====================================================================\n1. Summary:\n\nAn update for nss and nspr is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. \n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. \n\nThe following packages have been upgraded to a later upstream version: nss\n(3.44.0), nspr (4.21.0). (BZ#1713187, BZ#1713188)\n\nSecurity Fix(es):\n\n* nss: NULL pointer dereference in several CMS functions resulting in a\ndenial of service (CVE-2018-18508)\n\n* nss: Out-of-bounds read when importing curve25519 private key\n(CVE-2019-11719)\n\n* nss: Empty or malformed p256-ECDH public keys may trigger a segmentation\nfault (CVE-2019-11729)\n\n* nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 (CVE-2019-11727)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* PQG verify fails when create DSA PQG parameters because the counts aren\u0027t\nreturned correctly. (BZ#1685325)\n\n* zeroization of AES context missing (BZ#1719629)\n\n* RSA Pairwise consistency test (BZ#1719630)\n\n* FIPS updated for nss-softoken POST (BZ#1722373)\n\n* DH/ECDH key tests missing for the PG parameters (BZ#1722374)\n\n* NSS should implement continuous random test on it\u0027s seed data or use the\nkernel AF_ALG interface for random (BZ#1725059)\n\n* support setting supported signature algorithms in strsclnt utility\n(BZ#1725110)\n\n* certutil -F with no parameters is killed with segmentation fault message\n(BZ#1725115)\n\n* NSS: Support for IKE/IPsec typical PKIX usage so libreswan can use nss\nwithout rejecting certs based on EKU (BZ#1725116)\n\n* NSS should use getentropy() for seeding its RNG, not /dev/urandom. Needs\nupdate to NSS 3.37 (BZ#1725117)\n\n* Disable TLS 1.3 in FIPS mode (BZ#1725773)\n\n* Wrong alert sent when client uses PKCS#1 signatures in TLS 1.3\n(BZ#1728259)\n\n* x25519 allowed in FIPS mode (BZ#1728260)\n\n* post handshake authentication with selfserv does not work if\nSSL_ENABLE_SESSION_TICKETS is set (BZ#1728261)\n\nEnhancement(s):\n\n* Move IKEv1 and IKEv2 KDF\u0027s from libreswan to nss-softkn (BZ#1719628)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, applications using NSS or NSPR (for example,\nFirefox) must be restarted for this update to take effect. \n\n5. \n1719629 - zeroization of AES context missing [rhel-8.0.0.z]\n1719630 - RSA Pairwise consistency test [rhel-8.0.0.z]\n1722373 - FIPS updated for nss-softoken POST [rhel-8.0.0.z]\n1722374 - DH/ECDH key tests missing for the PG parameters [rhel-8.0.0.z]\n1725059 - NSS should implement continuous random test on it\u0027s seed data or use the kernel AF_ALG interface for random [rhel-8.0.0.z]\n1725110 - support setting supported signature algorithms in strsclnt utility [rhel-8.0.0.z]\n1725115 - certutil -F with no parameters is killed with segmentation fault message [rhel-8.0.0.z]\n1725116 - NSS: Support for IKE/IPsec typical PKIX usage so libreswan can use nss without rejecting certs based on EKU [rhel-8.0.0.z]\n1728259 - Wrong alert sent when client uses PKCS#1 signatures in TLS 1.3 [rhel-8.0.0.z]\n1728260 - x25519 allowed in FIPS mode [rhel-8.0.0.z]\n1728261 - post handshake authentication with selfserv does not work if SSL_ENABLE_SESSION_TICKETS is set [rhel-8.0.0.z]\n1728436 - CVE-2019-11719 nss: Out-of-bounds read when importing curve25519 private key\n1728437 - CVE-2019-11729 nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault\n1730988 - CVE-2019-11727 nss: PKCS#1 v1.5 signatures can be used for TLS 1.3\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\nSource:\nnspr-4.21.0-2.el8_0.src.rpm\nnss-3.44.0-7.el8_0.src.rpm\n\naarch64:\nnspr-4.21.0-2.el8_0.aarch64.rpm\nnspr-debuginfo-4.21.0-2.el8_0.aarch64.rpm\nnspr-debugsource-4.21.0-2.el8_0.aarch64.rpm\nnspr-devel-4.21.0-2.el8_0.aarch64.rpm\nnss-3.44.0-7.el8_0.aarch64.rpm\nnss-debuginfo-3.44.0-7.el8_0.aarch64.rpm\nnss-debugsource-3.44.0-7.el8_0.aarch64.rpm\nnss-devel-3.44.0-7.el8_0.aarch64.rpm\nnss-softokn-3.44.0-7.el8_0.aarch64.rpm\nnss-softokn-debuginfo-3.44.0-7.el8_0.aarch64.rpm\nnss-softokn-devel-3.44.0-7.el8_0.aarch64.rpm\nnss-softokn-freebl-3.44.0-7.el8_0.aarch64.rpm\nnss-softokn-freebl-debuginfo-3.44.0-7.el8_0.aarch64.rpm\nnss-softokn-freebl-devel-3.44.0-7.el8_0.aarch64.rpm\nnss-sysinit-3.44.0-7.el8_0.aarch64.rpm\nnss-sysinit-debuginfo-3.44.0-7.el8_0.aarch64.rpm\nnss-tools-3.44.0-7.el8_0.aarch64.rpm\nnss-tools-debuginfo-3.44.0-7.el8_0.aarch64.rpm\nnss-util-3.44.0-7.el8_0.aarch64.rpm\nnss-util-debuginfo-3.44.0-7.el8_0.aarch64.rpm\nnss-util-devel-3.44.0-7.el8_0.aarch64.rpm\n\nppc64le:\nnspr-4.21.0-2.el8_0.ppc64le.rpm\nnspr-debuginfo-4.21.0-2.el8_0.ppc64le.rpm\nnspr-debugsource-4.21.0-2.el8_0.ppc64le.rpm\nnspr-devel-4.21.0-2.el8_0.ppc64le.rpm\nnss-3.44.0-7.el8_0.ppc64le.rpm\nnss-debuginfo-3.44.0-7.el8_0.ppc64le.rpm\nnss-debugsource-3.44.0-7.el8_0.ppc64le.rpm\nnss-devel-3.44.0-7.el8_0.ppc64le.rpm\nnss-softokn-3.44.0-7.el8_0.ppc64le.rpm\nnss-softokn-debuginfo-3.44.0-7.el8_0.ppc64le.rpm\nnss-softokn-devel-3.44.0-7.el8_0.ppc64le.rpm\nnss-softokn-freebl-3.44.0-7.el8_0.ppc64le.rpm\nnss-softokn-freebl-debuginfo-3.44.0-7.el8_0.ppc64le.rpm\nnss-softokn-freebl-devel-3.44.0-7.el8_0.ppc64le.rpm\nnss-sysinit-3.44.0-7.el8_0.ppc64le.rpm\nnss-sysinit-debuginfo-3.44.0-7.el8_0.ppc64le.rpm\nnss-tools-3.44.0-7.el8_0.ppc64le.rpm\nnss-tools-debuginfo-3.44.0-7.el8_0.ppc64le.rpm\nnss-util-3.44.0-7.el8_0.ppc64le.rpm\nnss-util-debuginfo-3.44.0-7.el8_0.ppc64le.rpm\nnss-util-devel-3.44.0-7.el8_0.ppc64le.rpm\n\ns390x:\nnspr-4.21.0-2.el8_0.s390x.rpm\nnspr-debuginfo-4.21.0-2.el8_0.s390x.rpm\nnspr-debugsource-4.21.0-2.el8_0.s390x.rpm\nnspr-devel-4.21.0-2.el8_0.s390x.rpm\nnss-3.44.0-7.el8_0.s390x.rpm\nnss-debuginfo-3.44.0-7.el8_0.s390x.rpm\nnss-debugsource-3.44.0-7.el8_0.s390x.rpm\nnss-devel-3.44.0-7.el8_0.s390x.rpm\nnss-softokn-3.44.0-7.el8_0.s390x.rpm\nnss-softokn-debuginfo-3.44.0-7.el8_0.s390x.rpm\nnss-softokn-devel-3.44.0-7.el8_0.s390x.rpm\nnss-softokn-freebl-3.44.0-7.el8_0.s390x.rpm\nnss-softokn-freebl-debuginfo-3.44.0-7.el8_0.s390x.rpm\nnss-softokn-freebl-devel-3.44.0-7.el8_0.s390x.rpm\nnss-sysinit-3.44.0-7.el8_0.s390x.rpm\nnss-sysinit-debuginfo-3.44.0-7.el8_0.s390x.rpm\nnss-tools-3.44.0-7.el8_0.s390x.rpm\nnss-tools-debuginfo-3.44.0-7.el8_0.s390x.rpm\nnss-util-3.44.0-7.el8_0.s390x.rpm\nnss-util-debuginfo-3.44.0-7.el8_0.s390x.rpm\nnss-util-devel-3.44.0-7.el8_0.s390x.rpm\n\nx86_64:\nnspr-4.21.0-2.el8_0.i686.rpm\nnspr-4.21.0-2.el8_0.x86_64.rpm\nnspr-debuginfo-4.21.0-2.el8_0.i686.rpm\nnspr-debuginfo-4.21.0-2.el8_0.x86_64.rpm\nnspr-debugsource-4.21.0-2.el8_0.i686.rpm\nnspr-debugsource-4.21.0-2.el8_0.x86_64.rpm\nnspr-devel-4.21.0-2.el8_0.i686.rpm\nnspr-devel-4.21.0-2.el8_0.x86_64.rpm\nnss-3.44.0-7.el8_0.i686.rpm\nnss-3.44.0-7.el8_0.x86_64.rpm\nnss-debuginfo-3.44.0-7.el8_0.i686.rpm\nnss-debuginfo-3.44.0-7.el8_0.x86_64.rpm\nnss-debugsource-3.44.0-7.el8_0.i686.rpm\nnss-debugsource-3.44.0-7.el8_0.x86_64.rpm\nnss-devel-3.44.0-7.el8_0.i686.rpm\nnss-devel-3.44.0-7.el8_0.x86_64.rpm\nnss-softokn-3.44.0-7.el8_0.i686.rpm\nnss-softokn-3.44.0-7.el8_0.x86_64.rpm\nnss-softokn-debuginfo-3.44.0-7.el8_0.i686.rpm\nnss-softokn-debuginfo-3.44.0-7.el8_0.x86_64.rpm\nnss-softokn-devel-3.44.0-7.el8_0.i686.rpm\nnss-softokn-devel-3.44.0-7.el8_0.x86_64.rpm\nnss-softokn-freebl-3.44.0-7.el8_0.i686.rpm\nnss-softokn-freebl-3.44.0-7.el8_0.x86_64.rpm\nnss-softokn-freebl-debuginfo-3.44.0-7.el8_0.i686.rpm\nnss-softokn-freebl-debuginfo-3.44.0-7.el8_0.x86_64.rpm\nnss-softokn-freebl-devel-3.44.0-7.el8_0.i686.rpm\nnss-softokn-freebl-devel-3.44.0-7.el8_0.x86_64.rpm\nnss-sysinit-3.44.0-7.el8_0.x86_64.rpm\nnss-sysinit-debuginfo-3.44.0-7.el8_0.i686.rpm\nnss-sysinit-debuginfo-3.44.0-7.el8_0.x86_64.rpm\nnss-tools-3.44.0-7.el8_0.x86_64.rpm\nnss-tools-debuginfo-3.44.0-7.el8_0.i686.rpm\nnss-tools-debuginfo-3.44.0-7.el8_0.x86_64.rpm\nnss-util-3.44.0-7.el8_0.i686.rpm\nnss-util-3.44.0-7.el8_0.x86_64.rpm\nnss-util-debuginfo-3.44.0-7.el8_0.i686.rpm\nnss-util-debuginfo-3.44.0-7.el8_0.x86_64.rpm\nnss-util-devel-3.44.0-7.el8_0.i686.rpm\nnss-util-devel-3.44.0-7.el8_0.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-18508\nhttps://access.redhat.com/security/cve/CVE-2019-11719\nhttps://access.redhat.com/security/cve/CVE-2019-11727\nhttps://access.redhat.com/security/cve/CVE-2019-11729\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXUCfq9zjgjWX9erEAQjjQA/9HhUp+Cnfdn35f1x4Kj0gKkph2oaC9cEd\nQQu1wSlb6s/PjWx0dQUv0rAv4g/rhKfg2o0E1JgfkSPXeqtXVNKgGjC61VAXepnN\nkFRxD+Tbcf7+0XFuTk0wtKEaHs6Y6sBVpfV2V6EjHJJslRGCXSe9gh6Q/LXLzeOw\nGk5g+6RuKlQ7K2xSeVE/V6jItXAXx6DRpFMPpUMQne1c4rCIsh1iW5n20Si2ftu9\ndHDw8C0vNUm7Mdos+lZ+NbnagnEFiwmEcFsDXKFFE/TkU54io4rXJjslNNtUFUc4\n1e4I8OVsrVvhLKRxcYSBpVT3HjUYwrwAMnK5oEDdvOnJMgq1ndq47ZcGsRpC4vC2\n1+fahlwiEXHZmL/9/1Dx4ldsRVqVpjkMQu9YwPmHpGIukru4ZatZPmTnRO2tZ90C\np26RCE31I+7tKLY7I0xSZWjYo7NpIRhwa54zeK3zGkvOfKUgXdcmmkCXhve1KHse\nFMSPXrTbfaKSYzTVwQLKYeOmMK1/kC6wKpcXVRl/InkCh1I1mgbJoX/XXLLjmiD9\nHgxRo3YVpl/Yi8V9Gv432lXTpgYDorJwUV6tt29cRwldSKAv53JDk+gt6B9ELyKW\n5HbVUbK3zi264QBEmTKHOH58j9Q+4juW/O8pnKVbI4a3w+sMxP0Sllmka98UPK3M\nsoGsMntiCX0=fQiK\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202003-37\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: Mozilla Network Security Service: Multiple vulnerabilities\n     Date: March 16, 2020\n     Bugs: #627534, #676868, #701840\n       ID: 202003-37\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Mozilla Network Security\nService (NSS), the worst of which may lead to arbitrary code execution. \n\nBackground\n==========\n\nThe Mozilla Network Security Service (NSS) is a library implementing\nsecurity features like SSL v.2/v.3, TLS, PKCS #5, PKCS #7, PKCS #11,\nPKCS #12, S/MIME and X.509 certificates. Please review the CVE identifiers referenced\nbelow for details. \n\nImpact\n======\n\nAn attacker could execute arbitrary code, cause a Denial of Service\ncondition or have other unspecified impact. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Mozilla Network Security Service (NSS) users should upgrade to the\nlatest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/nss-3.49\"\n\nReferences\n==========\n\n[ 1 ] CVE-2017-11695\n      https://nvd.nist.gov/vuln/detail/CVE-2017-11695\n[ 2 ] CVE-2017-11696\n      https://nvd.nist.gov/vuln/detail/CVE-2017-11696\n[ 3 ] CVE-2017-11697\n      https://nvd.nist.gov/vuln/detail/CVE-2017-11697\n[ 4 ] CVE-2017-11698\n      https://nvd.nist.gov/vuln/detail/CVE-2017-11698\n[ 5 ] CVE-2018-18508\n      https://nvd.nist.gov/vuln/detail/CVE-2018-18508\n[ 6 ] CVE-2019-11745\n      https://nvd.nist.gov/vuln/detail/CVE-2019-11745\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202003-37\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. ==========================================================================\nUbuntu Security Notice USN-3898-2\nFebruary 27, 2019\n\nnss vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 ESM\n\nSummary:\n\nNSS could be made to crash if it received specially crafted network\ntraffic. This update provides\nthe corresponding update for Ubuntu 12.04 ESM. \n\nOriginal advisory details:\n\n Hanno BAPck and Damian Poddebniak discovered that NSS incorrectly\n handled certain CMS functions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-18508"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016512"
      },
      {
        "db": "BID",
        "id": "107257"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-18508"
      },
      {
        "db": "PACKETSTORM",
        "id": "153834"
      },
      {
        "db": "PACKETSTORM",
        "id": "156770"
      },
      {
        "db": "PACKETSTORM",
        "id": "151881"
      },
      {
        "db": "PACKETSTORM",
        "id": "151880"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-18508",
        "trust": 3.2
      },
      {
        "db": "SIEMENS",
        "id": "SSA-379803",
        "trust": 1.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-040-04",
        "trust": 1.6
      },
      {
        "db": "JVN",
        "id": "JVNVU91083521",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016512",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "153834",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "156770",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "151881",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0491",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0001",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3355",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.2864",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0683",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-594",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "107257",
        "trust": 0.3
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-18508",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "151880",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-18508"
      },
      {
        "db": "BID",
        "id": "107257"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016512"
      },
      {
        "db": "PACKETSTORM",
        "id": "153834"
      },
      {
        "db": "PACKETSTORM",
        "id": "156770"
      },
      {
        "db": "PACKETSTORM",
        "id": "151881"
      },
      {
        "db": "PACKETSTORM",
        "id": "151880"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-594"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-18508"
      }
    ]
  },
  "id": "VAR-202010-1059",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.52540106
  },
  "last_update_date": "2024-11-23T19:42:33.865000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-379803",
        "trust": 0.8,
        "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes"
      },
      {
        "title": "nss Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89391"
      },
      {
        "title": "Debian CVElist Bug Report Logs: nss: CVE-2018-18508: NULL pointer dereference in several CMS functions resulting in a denial of service",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=cf52b51fc0bbd2d3441029e3dfb6b203"
      },
      {
        "title": "Red Hat: Moderate: nss and nspr security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20191951 - Security Advisory"
      },
      {
        "title": "Ubuntu Security Notice: nss vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3898-1"
      },
      {
        "title": "Ubuntu Security Notice: nss vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3898-2"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-18508"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016512"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-594"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-476",
        "trust": 1.0
      },
      {
        "problemtype": "NULL Pointer dereference (CWE-476) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016512"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-18508"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
      },
      {
        "trust": 2.0,
        "url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.41.1_release_notes"
      },
      {
        "trust": 1.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18508"
      },
      {
        "trust": 1.7,
        "url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.36.7_release_notes"
      },
      {
        "trust": 1.6,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu91083521/"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/errata/rhsa-2019:1951"
      },
      {
        "trust": 0.6,
        "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00006.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193395-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0491"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/156770/gentoo-linux-security-advisory-202003-37.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/153834/red-hat-security-advisory-2019-1951-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/151881/ubuntu-security-notice-usn-3898-2.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3355/"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/mozilla-nss-null-pointer-dereference-via-cms-28417"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.2864/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0001/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/76506"
      },
      {
        "trust": 0.4,
        "url": "https://usn.ubuntu.com/3898-1/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2018-18508"
      },
      {
        "trust": 0.3,
        "url": "https://hg.mozilla.org/projects/nss/rev/5e70b72131ac"
      },
      {
        "trust": 0.3,
        "url": "https://hg.mozilla.org/projects/nss/rev/08d1b0c1117f"
      },
      {
        "trust": 0.3,
        "url": "http://www.mozilla.com/en-us/"
      },
      {
        "trust": 0.3,
        "url": "https://ftp.mozilla.org/pub/security/nss/releases/nss_3_41_1_rtm/src/"
      },
      {
        "trust": 0.3,
        "url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss"
      },
      {
        "trust": 0.3,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-18508"
      },
      {
        "trust": 0.3,
        "url": "https://usn.ubuntu.com/3898-2/"
      },
      {
        "trust": 0.2,
        "url": "https://usn.ubuntu.com/usn/usn-3898-1"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/476.html"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921614"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11729"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11727"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11729"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11719"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11727"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11719"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11696"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11745"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/glsa/202003-37"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11695"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11697"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11698"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/usn/usn-3898-2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.14.04.5"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.16.04.5"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nss/2:3.35-2ubuntu2.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nss/2:3.36.1-1ubuntu1.2"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-18508"
      },
      {
        "db": "BID",
        "id": "107257"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016512"
      },
      {
        "db": "PACKETSTORM",
        "id": "153834"
      },
      {
        "db": "PACKETSTORM",
        "id": "156770"
      },
      {
        "db": "PACKETSTORM",
        "id": "151881"
      },
      {
        "db": "PACKETSTORM",
        "id": "151880"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-594"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-18508"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2018-18508"
      },
      {
        "db": "BID",
        "id": "107257"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016512"
      },
      {
        "db": "PACKETSTORM",
        "id": "153834"
      },
      {
        "db": "PACKETSTORM",
        "id": "156770"
      },
      {
        "db": "PACKETSTORM",
        "id": "151881"
      },
      {
        "db": "PACKETSTORM",
        "id": "151880"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-594"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-18508"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-18508"
      },
      {
        "date": "2019-01-22T00:00:00",
        "db": "BID",
        "id": "107257"
      },
      {
        "date": "2021-05-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-016512"
      },
      {
        "date": "2019-07-30T22:08:23",
        "db": "PACKETSTORM",
        "id": "153834"
      },
      {
        "date": "2020-03-16T22:35:27",
        "db": "PACKETSTORM",
        "id": "156770"
      },
      {
        "date": "2019-02-27T19:23:00",
        "db": "PACKETSTORM",
        "id": "151881"
      },
      {
        "date": "2019-02-27T19:22:00",
        "db": "PACKETSTORM",
        "id": "151880"
      },
      {
        "date": "2019-02-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-594"
      },
      {
        "date": "2020-10-22T21:15:12.467000",
        "db": "NVD",
        "id": "CVE-2018-18508"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-18T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-18508"
      },
      {
        "date": "2019-01-22T00:00:00",
        "db": "BID",
        "id": "107257"
      },
      {
        "date": "2021-05-24T08:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-016512"
      },
      {
        "date": "2021-08-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-594"
      },
      {
        "date": "2024-11-21T03:56:04.393000",
        "db": "NVD",
        "id": "CVE-2018-18508"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "151881"
      },
      {
        "db": "PACKETSTORM",
        "id": "151880"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-594"
      }
    ],
    "trust": 0.8
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Network\u00a0Security\u00a0Services\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-016512"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-594"
      }
    ],
    "trust": 0.6
  }
}

var-202307-0584
Vulnerability from variot

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The webserver of the affected devices support insecure TLS 1.0 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products, including firmware, contain vulnerabilities related to the use of cryptographic algorithms.Information may be obtained and information may be tampered with. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0584",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60612"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021736"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36749"
      }
    ]
  },
  "cve": "CVE-2023-36749",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 9.4,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2023-60612",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "id": "CVE-2023-36749",
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.4,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2023-36749",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-36749",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2023-36749",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-36749",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2023-60612",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202307-737",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60612"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021736"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-737"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36749"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36749"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The webserver of the affected devices support insecure TLS 1.0 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products, including firmware, contain vulnerabilities related to the use of cryptographic algorithms.Information may be obtained and information may be tampered with. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-36749"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021736"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-60612"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36749"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-36749",
        "trust": 3.9
      },
      {
        "db": "SIEMENS",
        "id": "SSA-146325",
        "trust": 3.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-194-01",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95292697",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021736",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-60612",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-737",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36749",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60612"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36749"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021736"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-737"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36749"
      }
    ]
  },
  "id": "VAR-202307-0584",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60612"
      }
    ],
    "trust": 1.17411168
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60612"
      }
    ]
  },
  "last_update_date": "2024-08-14T12:38:21.093000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Siemens RUGGEDCOM ROX Encryption Issue Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/449066"
      },
      {
        "title": "Siemens RUGGEDCOM ROX Fixes for encryption problem vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=246660"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60612"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-737"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-327",
        "trust": 1.0
      },
      {
        "problemtype": "Use of incomplete or dangerous cryptographic algorithms (CWE-327) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021736"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36749"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95292697/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36749"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01"
      },
      {
        "trust": 0.6,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2023-36749/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60612"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36749"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021736"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-737"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36749"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60612"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36749"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021736"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-737"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36749"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-60612"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-36749"
      },
      {
        "date": "2024-01-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-021736"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-737"
      },
      {
        "date": "2023-07-11T10:15:11.103000",
        "db": "NVD",
        "id": "CVE-2023-36749"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-60612"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-36749"
      },
      {
        "date": "2024-01-19T08:07:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-021736"
      },
      {
        "date": "2023-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-737"
      },
      {
        "date": "2023-07-18T16:57:14.643000",
        "db": "NVD",
        "id": "CVE-2023-36749"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-737"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vulnerabilities related to the use of cryptographic algorithms in multiple Siemens products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021736"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-737"
      }
    ],
    "trust": 0.6
  }
}

var-202307-0589
Vulnerability from variot

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The affected devices are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over to and from the affected device. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products, including firmware, have vulnerabilities related to encryption strength.Information may be obtained and information may be tampered with. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0589",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55708"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021737"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36748"
      }
    ]
  },
  "cve": "CVE-2023-36748",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "HIGH",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.2,
            "id": "CNVD-2023-55708",
            "impactScore": 8.5,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:A/AC:H/Au:N/C:P/I:C/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.6,
            "id": "CVE-2023-36748",
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT",
            "author": "productcert@siemens.com",
            "availabilityImpact": "LOW",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.2,
            "id": "CVE-2023-36748",
            "impactScore": 4.7,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2023-36748",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-36748",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2023-36748",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-36748",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2023-55708",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202307-738",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55708"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021737"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-738"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36748"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36748"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The affected devices are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data\r\npassed over to and from the affected device. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products, including firmware, have vulnerabilities related to encryption strength.Information may be obtained and information may be tampered with. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-36748"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021737"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-55708"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36748"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-36748",
        "trust": 3.9
      },
      {
        "db": "SIEMENS",
        "id": "SSA-146325",
        "trust": 3.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-194-01",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95292697",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021737",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-55708",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-738",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36748",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55708"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36748"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021737"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-738"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36748"
      }
    ]
  },
  "id": "VAR-202307-0589",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55708"
      }
    ],
    "trust": 1.17411168
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55708"
      }
    ]
  },
  "last_update_date": "2024-08-14T12:56:53.690000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Siemens RUGGEDCOM ROX Weak Password Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/440291"
      },
      {
        "title": "Siemens RUGGEDCOM ROX A series of products Fixes for encryption problem vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=246661"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55708"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-738"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-326",
        "trust": 1.0
      },
      {
        "problemtype": "Inappropriate cryptographic strength (CWE-326) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021737"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36748"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95292697/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36748"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01"
      },
      {
        "trust": 0.6,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2023-36748/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55708"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36748"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021737"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-738"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36748"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55708"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36748"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021737"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-738"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36748"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-07-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-55708"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-36748"
      },
      {
        "date": "2024-01-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-021737"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-738"
      },
      {
        "date": "2023-07-11T10:15:11.033000",
        "db": "NVD",
        "id": "CVE-2023-36748"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-07-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-55708"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-36748"
      },
      {
        "date": "2024-01-19T08:07:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-021737"
      },
      {
        "date": "2023-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-738"
      },
      {
        "date": "2023-07-18T16:40:40.913000",
        "db": "NVD",
        "id": "CVE-2023-36748"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-738"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cryptographic strength vulnerabilities in multiple Siemens products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021737"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-738"
      }
    ],
    "trust": 0.6
  }
}

var-202307-0595
Vulnerability from variot

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an “invalid params element name” error on the get_elements parameters. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0595",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55711"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021751"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36386"
      }
    ]
  },
  "cve": "CVE-2023-36386",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2023-55711",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-36386",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "productcert@siemens.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-36386",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2023-36386",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-36386",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2023-36386",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-36386",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2023-55711",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202307-743",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55711"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021751"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-743"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36386"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36386"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an\r\n\u201cinvalid params element name\u201d error on the get_elements parameters. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-36386"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021751"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-55711"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36386"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-36386",
        "trust": 3.9
      },
      {
        "db": "SIEMENS",
        "id": "SSA-146325",
        "trust": 3.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-194-01",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95292697",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021751",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-55711",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-743",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36386",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55711"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36386"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021751"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-743"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36386"
      }
    ]
  },
  "id": "VAR-202307-0595",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55711"
      }
    ],
    "trust": 1.17411168
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55711"
      }
    ]
  },
  "last_update_date": "2024-08-14T12:59:01.598000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Siemens RUGGEDCOM ROX cross-site scripting vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/440296"
      },
      {
        "title": "Siemens RUGGEDCOM ROX A series of products Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=246665"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55711"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-743"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.0
      },
      {
        "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021751"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36386"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95292697/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36386"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01"
      },
      {
        "trust": 0.6,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2023-36386/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55711"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36386"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021751"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-743"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36386"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55711"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36386"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021751"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-743"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36386"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-07-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-55711"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-36386"
      },
      {
        "date": "2024-01-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-021751"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-743"
      },
      {
        "date": "2023-07-11T10:15:10.680000",
        "db": "NVD",
        "id": "CVE-2023-36386"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-07-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-55711"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-36386"
      },
      {
        "date": "2024-01-19T08:08:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-021751"
      },
      {
        "date": "2023-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-743"
      },
      {
        "date": "2023-07-18T15:45:46.237000",
        "db": "NVD",
        "id": "CVE-2023-36386"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-743"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting vulnerability in multiple Siemens products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021751"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-743"
      }
    ],
    "trust": 0.6
  }
}

var-202307-0593
Vulnerability from variot

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The upgrade-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments.

Siemens RUGGEDCOM ROX has a command injection vulnerability. The vulnerability stems from the lack of server-side input validation

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0593",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60609"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021733"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36752"
      }
    ]
  },
  "cve": "CVE-2023-36752",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2023-60609",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "id": "CVE-2023-36752",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "productcert@siemens.com",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.3,
            "id": "CVE-2023-36752",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.2,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2023-36752",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-36752",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2023-36752",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-36752",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2023-60609",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202307-734",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60609"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021733"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-734"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36752"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36752"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The upgrade-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments. \n\r\n\r\nSiemens RUGGEDCOM ROX has a command injection vulnerability. The vulnerability stems from the lack of server-side input validation",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-36752"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021733"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-60609"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36752"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-36752",
        "trust": 3.9
      },
      {
        "db": "SIEMENS",
        "id": "SSA-146325",
        "trust": 3.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-194-01",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95292697",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021733",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-60609",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-734",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36752",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60609"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36752"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021733"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-734"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36752"
      }
    ]
  },
  "id": "VAR-202307-0593",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60609"
      }
    ],
    "trust": 1.17411168
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60609"
      }
    ]
  },
  "last_update_date": "2024-08-14T13:13:06.612000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Siemens RUGGEDCOM ROX Command Injection Vulnerability (CNVD-2023-60609)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/449046"
      },
      {
        "title": "Siemens RUGGEDCOM ROX A series of products Fixes for command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=246657"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60609"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-734"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-77",
        "trust": 1.0
      },
      {
        "problemtype": "Command injection (CWE-77) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021733"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36752"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95292697/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36752"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01"
      },
      {
        "trust": 0.6,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2023-36752/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60609"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36752"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021733"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-734"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36752"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60609"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36752"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021733"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-734"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36752"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-60609"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-36752"
      },
      {
        "date": "2024-01-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-021733"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-734"
      },
      {
        "date": "2023-07-11T10:15:11.297000",
        "db": "NVD",
        "id": "CVE-2023-36752"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-60609"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-36752"
      },
      {
        "date": "2024-01-19T08:07:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-021733"
      },
      {
        "date": "2023-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-734"
      },
      {
        "date": "2023-07-18T18:36:28.237000",
        "db": "NVD",
        "id": "CVE-2023-36752"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-734"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Command injection vulnerability in multiple Siemens products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021733"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "command injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-734"
      }
    ],
    "trust": 0.6
  }
}

var-202307-0587
Vulnerability from variot

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products, including firmware, are vulnerable to cross-site request forgery.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0587",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55713"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-024815"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29561"
      }
    ]
  },
  "cve": "CVE-2022-29561",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "CNVD-2023-55713",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2022-29561",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "productcert@siemens.com",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.6,
            "id": "CVE-2022-29561",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-29561",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-29561",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2022-29561",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-29561",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2023-55713",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202307-750",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55713"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-024815"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-750"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29561"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29561"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products, including firmware, are vulnerable to cross-site request forgery.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-29561"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-024815"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-55713"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-29561"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-29561",
        "trust": 3.9
      },
      {
        "db": "SIEMENS",
        "id": "SSA-146325",
        "trust": 3.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-194-01",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95292697",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-024815",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-55713",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-750",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-29561",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55713"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-29561"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-024815"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-750"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29561"
      }
    ]
  },
  "id": "VAR-202307-0587",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55713"
      }
    ],
    "trust": 1.17411168
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55713"
      }
    ]
  },
  "last_update_date": "2024-08-14T12:40:05.778000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Siemens RUGGEDCOM ROX cross-site request forgery vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/440281"
      },
      {
        "title": "Siemens RUGGEDCOM ROX Fixes for cross-site request forgery vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=246669"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55713"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-750"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.0
      },
      {
        "problemtype": "Cross-site request forgery (CWE-352) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-024815"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29561"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95292697/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29561"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01"
      },
      {
        "trust": 0.6,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-29561/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55713"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-29561"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-024815"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-750"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29561"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55713"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-29561"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-024815"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-750"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29561"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-07-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-55713"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-29561"
      },
      {
        "date": "2024-01-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-024815"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-750"
      },
      {
        "date": "2023-07-11T10:15:09.970000",
        "db": "NVD",
        "id": "CVE-2022-29561"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-07-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-55713"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-29561"
      },
      {
        "date": "2024-01-19T08:14:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-024815"
      },
      {
        "date": "2023-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-750"
      },
      {
        "date": "2023-07-18T16:05:58.730000",
        "db": "NVD",
        "id": "CVE-2022-29561"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-750"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens RUGGEDCOM ROX cross-site request forgery vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55713"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-750"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-750"
      }
    ],
    "trust": 0.6
  }
}

var-202109-1914
Vulnerability from variot

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The command line interface of affected devices insufficiently restrict file read and write operations for low privileged users. This could allow an authenticated remote attacker to escalate privileges and gain root access to the device. Multiple Siemens products contain a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a certain degree of reliability and set the standard for communication networks deployed in harsh environments. RUGGEDCOM RX1400 is a multi-protocol smart node that combines Ethernet switching, routing and application hosting functions with various wide-area connectivity options.

Siemens RUGGEDCOM ROX has an information disclosure vulnerability. Attackers can use vulnerabilities to obtain sensitive information. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The affected devices have an exposure of sensitive information vulnerability, if exploited, it could allow an authenticated malicious user to extract data via Secure Shell (SSH)

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202109-1914",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71420"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011719"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37173"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Michael Messner from Siemens Energy reported these vulnerabilities to Siemens.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-810"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2021-37173",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2021-37173",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2021-71420",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2021-37173",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2021-37173",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-37173",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-37173",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-37173",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-71420",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202109-810",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-37173",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71420"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37173"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011719"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-810"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37173"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.14.1). The command line interface of affected devices insufficiently restrict file read and write operations for low privileged users. This could allow an authenticated remote attacker to escalate privileges and gain root access to the device. Multiple Siemens products contain a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a certain degree of reliability and set the standard for communication networks deployed in harsh environments. RUGGEDCOM RX1400 is a multi-protocol smart node that combines Ethernet switching, routing and application hosting functions with various wide-area connectivity options. \n\r\n\r\nSiemens RUGGEDCOM ROX has an information disclosure vulnerability. Attackers can use vulnerabilities to obtain sensitive information. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The affected devices have an exposure of sensitive information vulnerability, if exploited, it could allow an authenticated malicious user to extract data via Secure Shell (SSH)",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-37173"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011719"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-71420"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37173"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-37173",
        "trust": 3.9
      },
      {
        "db": "SIEMENS",
        "id": "SSA-150692",
        "trust": 2.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011719",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-71420",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3140",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-259-01",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021091703",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-810",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37173",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71420"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37173"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011719"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-810"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37173"
      }
    ]
  },
  "id": "VAR-202109-1914",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71420"
      }
    ],
    "trust": 1.12540106
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71420"
      }
    ]
  },
  "last_update_date": "2024-08-14T12:44:31.634000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-150692",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf"
      },
      {
        "title": "Patch for Siemens RUGGEDCOM ROX Information Disclosure Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/290831"
      },
      {
        "title": "Siemens RUGGEDCOM Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=174336"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=93a87ed46de57a6f27b2f3f9a3698e0c"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71420"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37173"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011719"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-810"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-269",
        "trust": 1.0
      },
      {
        "problemtype": "Improper authority management (CWE-269) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011719"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37173"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37173"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-259-01"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ruggedcom-rox-three-vulnerabilities-36396"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021091703"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3140"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-150692.txt"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71420"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37173"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011719"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-810"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37173"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71420"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37173"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011719"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-810"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37173"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-71420"
      },
      {
        "date": "2021-09-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-37173"
      },
      {
        "date": "2022-08-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-011719"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-09-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202109-810"
      },
      {
        "date": "2021-09-14T11:15:25.180000",
        "db": "NVD",
        "id": "CVE-2021-37173"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-71420"
      },
      {
        "date": "2021-09-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-37173"
      },
      {
        "date": "2022-08-09T06:52:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-011719"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-12-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202109-810"
      },
      {
        "date": "2021-12-14T20:42:49.173000",
        "db": "NVD",
        "id": "CVE-2021-37173"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-810"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Privilege management vulnerability in multiple Siemens products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011719"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

var-202109-1215
Vulnerability from variot

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices. Multiple Siemens products contain an exceptional state handling vulnerability.Information may be obtained. RUGGEDCOM products provide a certain degree of reliability and set the standard for communication networks deployed in harsh environments. RUGGEDCOM RX1400 is a multi-protocol smart node that combines Ethernet switching, routing and application hosting functions with various wide-area connectivity options. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202109-1215",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.1"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.14.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71418"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011723"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37175"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Michael Messner from Siemens Energy reported these vulnerabilities to Siemens.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-804"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2021-37175",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2021-37175",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2021-71418",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-37175",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2021-37175",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-37175",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2021-37175",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-71418",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202109-804",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-37175",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71418"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37175"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011723"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-804"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37175"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.14.1). The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices. Multiple Siemens products contain an exceptional state handling vulnerability.Information may be obtained. RUGGEDCOM products provide a certain degree of reliability and set the standard for communication networks deployed in harsh environments. RUGGEDCOM RX1400 is a multi-protocol smart node that combines Ethernet switching, routing and application hosting functions with various wide-area connectivity options. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-37175"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011723"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-71418"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37175"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-37175",
        "trust": 3.9
      },
      {
        "db": "SIEMENS",
        "id": "SSA-150692",
        "trust": 2.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011723",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-71418",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3140",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-259-01",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021091703",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-804",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37175",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71418"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37175"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011723"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-804"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37175"
      }
    ]
  },
  "id": "VAR-202109-1215",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71418"
      }
    ],
    "trust": 1.12540106
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71418"
      }
    ]
  },
  "last_update_date": "2024-08-14T13:08:50.978000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-150692",
        "trust": 0.8,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf"
      },
      {
        "title": "Patch for Siemens RUGGEDCOM ROX has unspecified vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/290841"
      },
      {
        "title": "Siemens RUGGEDCOM Remediation measures for authorization problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=163657"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=93a87ed46de57a6f27b2f3f9a3698e0c"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71418"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37175"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011723"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-804"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-280",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-755",
        "trust": 1.0
      },
      {
        "problemtype": "Improper handling in exceptional conditions (CWE-755) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011723"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37175"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37175"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-259-01"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/ruggedcom-rox-three-vulnerabilities-36396"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021091703"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3140"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/755.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-150692.txt"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71418"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37175"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011723"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-804"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37175"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-71418"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37175"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011723"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-804"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37175"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-71418"
      },
      {
        "date": "2021-09-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-37175"
      },
      {
        "date": "2022-08-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-011723"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-09-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202109-804"
      },
      {
        "date": "2021-09-14T11:15:25.367000",
        "db": "NVD",
        "id": "CVE-2021-37175"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-71418"
      },
      {
        "date": "2021-09-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-37175"
      },
      {
        "date": "2022-08-09T06:52:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-011723"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-09-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202109-804"
      },
      {
        "date": "2022-10-27T12:58:47.147000",
        "db": "NVD",
        "id": "CVE-2021-37175"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202109-804"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Exceptional State Handling Vulnerability in Multiple Siemens Products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-011723"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

var-202010-0251
Vulnerability from variot

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.

For the stable distribution (buster), these problems have been fixed in version 2:3.42.1-1+deb10u3.

For the detailed security status of nss please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nss

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8R6BYACgkQEMKTtsN8 Tjbolg/9H3VC4r4Wmc8A4OejmH67QEZqyhzCxvd4UCpvLTJuY9JOYGy3KVhClnsz XDTqyQ8k5ez7OQt5HLy3giLJpMKUSYuSDJSbK0A3DTO5bKVg17Uol5X6RA7Coz/2 yJRRWH03dTfRoqaWQ8xHigBChTxMdYhkvh6433DzLpbuj+FV77FcivjTxZB2zFrp tHuvzN9exI4+aZCFAZPyRFct0vYHpHCP8qzgD+FMflInzBAARFPjnx8+c50+Hlp2 cB/Iq3L5EiE5T1azAAD8fgKqEGnF9OHjWxBONhXqXwhvnKKqfrLIpMf+oBvr8OEZ rKZElK0wQb6z24vDiDxFR8C8EuigYpV3YDsWwu3V8M71igw8DJseHQ/UnC4dT/Y3 QTtNtcWcheM5qiOnkiHCCZsybglI6NbdxPwfnhv9ltnunipFPtE8A56QQuOXGIcc 4P/5tRlRwAVSy+JZVCbJu7jrBe/y02RYXb6Sv5hZ0iqUAZadiFlJC0WdvWAOLJsL Z/IrRkH7KMwchOAxp5NY6qHfxXHKjFvfahglFkDsaYoEwVROKjhG5idn3NVCc656 tP5rcl1dQY4LHQZEESgps86uJGy9+8NpHHU9v9fqFZNlkBfYBWTZv0otzssOwPfu QIq7f2J77JHM8ldYzmfDVQnWBnKpnjc/B8UmvaaAkEM73N3MPu0= =VQPA -----END PGP SIGNATURE----- . ========================================================================= Ubuntu Security Notice USN-4231-1 January 08, 2020

nss vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.10
  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 ESM
  • Ubuntu 12.04 ESM

Summary:

NSS could be made to execute arbitrary code if it received a specially crafted input. An attacker could possibly use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10: libnss3 2:3.45-1ubuntu2.2

Ubuntu 19.04: libnss3 2:3.42-1ubuntu2.5

Ubuntu 18.04 LTS: libnss3 2:3.35-2ubuntu2.7

Ubuntu 16.04 LTS: libnss3 2:3.28.4-0ubuntu0.16.04.10

Ubuntu 14.04 ESM: libnss3 2:3.28.4-0ubuntu0.14.04.5+esm4

Ubuntu 12.04 ESM: libnss3 2:3.28.4-0ubuntu0.12.04.7

After a standard system update you need to reboot your computer to make all the necessary changes. 7.7) - ppc64, ppc64le, s390x, x86_64

  1. Solution:

For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/ index.html

  1. Bugs fixed (https://bugzilla.redhat.com/):

1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page 1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method 1850004 - CVE-2020-11023 jquery: Passing HTML containing

  1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: nss and nspr security, bug fix, and enhancement update Advisory ID: RHSA-2020:4076-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4076 Issue date: 2020-09-29 CVE Names: CVE-2019-11719 CVE-2019-11727 CVE-2019-11756 CVE-2019-17006 CVE-2019-17023 CVE-2020-6829 CVE-2020-12400 CVE-2020-12401 CVE-2020-12402 CVE-2020-12403 ==================================================================== 1. Summary:

An update for nss, nss-softokn, nss-util, and nspr is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

The following packages have been upgraded to a later upstream version: nss (3.53.1), nss-softokn (3.53.1), nss-util (3.53.1), nspr (4.25.0). (BZ#1804262, BZ#1804264, BZ#1804271, BZ#1804273)

Security Fix(es):

  • nss: Out-of-bounds read when importing curve25519 private key (CVE-2019-11719)

  • nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756)

  • nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)

  • nss: Side channel attack on ECDSA signature generation (CVE-2020-6829)

  • nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function (CVE-2020-12400)

  • nss: ECDSA timing attack mitigation bypass (CVE-2020-12401)

  • nss: Side channel vulnerabilities during RSA key generation (CVE-2020-12402)

  • nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403)

  • nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 (CVE-2019-11727)

  • nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state (CVE-2019-17023)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Memory leak: libcurl leaks 120 bytes on each connection (BZ#1688958)

  • NSS does not set downgrade sentinel in ServerHello.random for TLS 1.0 and TLS 1.1 (BZ#1712924)

  • Make TLS 1.3 work in FIPS mode (BZ#1724251)

  • Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name (BZ#1737910)

  • x25519 allowed in FIPS mode (BZ#1754518)

  • When NSS_SDB_USE_CACHE not set, after curl access https, dentry increase but never released - consider alternative algorithm for benchmarking ACCESS call in sdb_measureAccess (BZ#1779325)

  • Running ipa-backup continuously causes httpd to crash and makes it irrecoverable (BZ#1804015)

  • nss needs to comply to the new SP800-56A rev 3 requirements (BZ#1857308)

  • KDF-self-tests-induced changes for nss in RHEL 7.9 (BZ#1870885)

  • Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, applications using NSS or NSPR (for example, Firefox) must be restarted for this update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1688958 - Memory leak: libcurl leaks 120 bytes on each connection [rhel-7.9.z] 1724251 - Make TLS 1.3 work in FIPS mode [rhel-7.9.z] 1728436 - CVE-2019-11719 nss: Out-of-bounds read when importing curve25519 private key 1730988 - CVE-2019-11727 nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 1737910 - Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name [rhel-7.9.z] 1774835 - CVE-2019-11756 nss: Use-after-free in sftk_FreeSession due to improper refcounting 1775916 - CVE-2019-17006 nss: Check length of inputs for cryptographic primitives 1779325 - when NSS_SDB_USE_CACHE not set, after curl access https, dentry increase but never released - consider alternative algorithm for benchmarking ACCESS call in sdb_measureAccess 1791225 - CVE-2019-17023 nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state 1804015 - Running ipa-backup continuously causes httpd to crash and makes it irrecoverable 1826187 - CVE-2020-6829 nss: Side channel attack on ECDSA signature generation 1826231 - CVE-2020-12402 nss: Side channel vulnerabilities during RSA key generation 1851294 - CVE-2020-12401 nss: ECDSA timing attack mitigation bypass 1853983 - CVE-2020-12400 nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function 1868931 - CVE-2020-12403 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read 1870885 - KDF-self-tests-induced changes for nss in RHEL 7.9

  1. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: nspr-4.25.0-2.el7_9.src.rpm nss-3.53.1-3.el7_9.src.rpm nss-softokn-3.53.1-6.el7_9.src.rpm nss-util-3.53.1-1.el7_9.src.rpm

x86_64: nspr-4.25.0-2.el7_9.i686.rpm nspr-4.25.0-2.el7_9.x86_64.rpm nspr-debuginfo-4.25.0-2.el7_9.i686.rpm nspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm nss-3.53.1-3.el7_9.i686.rpm nss-3.53.1-3.el7_9.x86_64.rpm nss-debuginfo-3.53.1-3.el7_9.i686.rpm nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm nss-softokn-3.53.1-6.el7_9.i686.rpm nss-softokn-3.53.1-6.el7_9.x86_64.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm nss-softokn-freebl-3.53.1-6.el7_9.i686.rpm nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm nss-sysinit-3.53.1-3.el7_9.x86_64.rpm nss-tools-3.53.1-3.el7_9.x86_64.rpm nss-util-3.53.1-1.el7_9.i686.rpm nss-util-3.53.1-1.el7_9.x86_64.rpm nss-util-debuginfo-3.53.1-1.el7_9.i686.rpm nss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: nspr-debuginfo-4.25.0-2.el7_9.i686.rpm nspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm nspr-devel-4.25.0-2.el7_9.i686.rpm nspr-devel-4.25.0-2.el7_9.x86_64.rpm nss-debuginfo-3.53.1-3.el7_9.i686.rpm nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm nss-devel-3.53.1-3.el7_9.i686.rpm nss-devel-3.53.1-3.el7_9.x86_64.rpm nss-pkcs11-devel-3.53.1-3.el7_9.i686.rpm nss-pkcs11-devel-3.53.1-3.el7_9.x86_64.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm nss-softokn-devel-3.53.1-6.el7_9.i686.rpm nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.i686.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm nss-util-debuginfo-3.53.1-1.el7_9.i686.rpm nss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm nss-util-devel-3.53.1-1.el7_9.i686.rpm nss-util-devel-3.53.1-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: nspr-4.25.0-2.el7_9.src.rpm nss-3.53.1-3.el7_9.src.rpm nss-softokn-3.53.1-6.el7_9.src.rpm nss-util-3.53.1-1.el7_9.src.rpm

x86_64: nspr-4.25.0-2.el7_9.i686.rpm nspr-4.25.0-2.el7_9.x86_64.rpm nspr-debuginfo-4.25.0-2.el7_9.i686.rpm nspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm nss-3.53.1-3.el7_9.i686.rpm nss-3.53.1-3.el7_9.x86_64.rpm nss-debuginfo-3.53.1-3.el7_9.i686.rpm nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm nss-softokn-3.53.1-6.el7_9.i686.rpm nss-softokn-3.53.1-6.el7_9.x86_64.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm nss-softokn-freebl-3.53.1-6.el7_9.i686.rpm nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm nss-sysinit-3.53.1-3.el7_9.x86_64.rpm nss-tools-3.53.1-3.el7_9.x86_64.rpm nss-util-3.53.1-1.el7_9.i686.rpm nss-util-3.53.1-1.el7_9.x86_64.rpm nss-util-debuginfo-3.53.1-1.el7_9.i686.rpm nss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: nspr-debuginfo-4.25.0-2.el7_9.i686.rpm nspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm nspr-devel-4.25.0-2.el7_9.i686.rpm nspr-devel-4.25.0-2.el7_9.x86_64.rpm nss-debuginfo-3.53.1-3.el7_9.i686.rpm nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm nss-devel-3.53.1-3.el7_9.i686.rpm nss-devel-3.53.1-3.el7_9.x86_64.rpm nss-pkcs11-devel-3.53.1-3.el7_9.i686.rpm nss-pkcs11-devel-3.53.1-3.el7_9.x86_64.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm nss-softokn-devel-3.53.1-6.el7_9.i686.rpm nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.i686.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm nss-util-debuginfo-3.53.1-1.el7_9.i686.rpm nss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm nss-util-devel-3.53.1-1.el7_9.i686.rpm nss-util-devel-3.53.1-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: nspr-4.25.0-2.el7_9.src.rpm nss-3.53.1-3.el7_9.src.rpm nss-softokn-3.53.1-6.el7_9.src.rpm nss-util-3.53.1-1.el7_9.src.rpm

ppc64: nspr-4.25.0-2.el7_9.ppc.rpm nspr-4.25.0-2.el7_9.ppc64.rpm nspr-debuginfo-4.25.0-2.el7_9.ppc.rpm nspr-debuginfo-4.25.0-2.el7_9.ppc64.rpm nspr-devel-4.25.0-2.el7_9.ppc.rpm nspr-devel-4.25.0-2.el7_9.ppc64.rpm nss-3.53.1-3.el7_9.ppc.rpm nss-3.53.1-3.el7_9.ppc64.rpm nss-debuginfo-3.53.1-3.el7_9.ppc.rpm nss-debuginfo-3.53.1-3.el7_9.ppc64.rpm nss-devel-3.53.1-3.el7_9.ppc.rpm nss-devel-3.53.1-3.el7_9.ppc64.rpm nss-softokn-3.53.1-6.el7_9.ppc.rpm nss-softokn-3.53.1-6.el7_9.ppc64.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.ppc.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.ppc64.rpm nss-softokn-devel-3.53.1-6.el7_9.ppc.rpm nss-softokn-devel-3.53.1-6.el7_9.ppc64.rpm nss-softokn-freebl-3.53.1-6.el7_9.ppc.rpm nss-softokn-freebl-3.53.1-6.el7_9.ppc64.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.ppc.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.ppc64.rpm nss-sysinit-3.53.1-3.el7_9.ppc64.rpm nss-tools-3.53.1-3.el7_9.ppc64.rpm nss-util-3.53.1-1.el7_9.ppc.rpm nss-util-3.53.1-1.el7_9.ppc64.rpm nss-util-debuginfo-3.53.1-1.el7_9.ppc.rpm nss-util-debuginfo-3.53.1-1.el7_9.ppc64.rpm nss-util-devel-3.53.1-1.el7_9.ppc.rpm nss-util-devel-3.53.1-1.el7_9.ppc64.rpm

ppc64le: nspr-4.25.0-2.el7_9.ppc64le.rpm nspr-debuginfo-4.25.0-2.el7_9.ppc64le.rpm nspr-devel-4.25.0-2.el7_9.ppc64le.rpm nss-3.53.1-3.el7_9.ppc64le.rpm nss-debuginfo-3.53.1-3.el7_9.ppc64le.rpm nss-devel-3.53.1-3.el7_9.ppc64le.rpm nss-softokn-3.53.1-6.el7_9.ppc64le.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.ppc64le.rpm nss-softokn-devel-3.53.1-6.el7_9.ppc64le.rpm nss-softokn-freebl-3.53.1-6.el7_9.ppc64le.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.ppc64le.rpm nss-sysinit-3.53.1-3.el7_9.ppc64le.rpm nss-tools-3.53.1-3.el7_9.ppc64le.rpm nss-util-3.53.1-1.el7_9.ppc64le.rpm nss-util-debuginfo-3.53.1-1.el7_9.ppc64le.rpm nss-util-devel-3.53.1-1.el7_9.ppc64le.rpm

s390x: nspr-4.25.0-2.el7_9.s390.rpm nspr-4.25.0-2.el7_9.s390x.rpm nspr-debuginfo-4.25.0-2.el7_9.s390.rpm nspr-debuginfo-4.25.0-2.el7_9.s390x.rpm nspr-devel-4.25.0-2.el7_9.s390.rpm nspr-devel-4.25.0-2.el7_9.s390x.rpm nss-3.53.1-3.el7_9.s390.rpm nss-3.53.1-3.el7_9.s390x.rpm nss-debuginfo-3.53.1-3.el7_9.s390.rpm nss-debuginfo-3.53.1-3.el7_9.s390x.rpm nss-devel-3.53.1-3.el7_9.s390.rpm nss-devel-3.53.1-3.el7_9.s390x.rpm nss-softokn-3.53.1-6.el7_9.s390.rpm nss-softokn-3.53.1-6.el7_9.s390x.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.s390.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.s390x.rpm nss-softokn-devel-3.53.1-6.el7_9.s390.rpm nss-softokn-devel-3.53.1-6.el7_9.s390x.rpm nss-softokn-freebl-3.53.1-6.el7_9.s390.rpm nss-softokn-freebl-3.53.1-6.el7_9.s390x.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.s390.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.s390x.rpm nss-sysinit-3.53.1-3.el7_9.s390x.rpm nss-tools-3.53.1-3.el7_9.s390x.rpm nss-util-3.53.1-1.el7_9.s390.rpm nss-util-3.53.1-1.el7_9.s390x.rpm nss-util-debuginfo-3.53.1-1.el7_9.s390.rpm nss-util-debuginfo-3.53.1-1.el7_9.s390x.rpm nss-util-devel-3.53.1-1.el7_9.s390.rpm nss-util-devel-3.53.1-1.el7_9.s390x.rpm

x86_64: nspr-4.25.0-2.el7_9.i686.rpm nspr-4.25.0-2.el7_9.x86_64.rpm nspr-debuginfo-4.25.0-2.el7_9.i686.rpm nspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm nspr-devel-4.25.0-2.el7_9.i686.rpm nspr-devel-4.25.0-2.el7_9.x86_64.rpm nss-3.53.1-3.el7_9.i686.rpm nss-3.53.1-3.el7_9.x86_64.rpm nss-debuginfo-3.53.1-3.el7_9.i686.rpm nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm nss-devel-3.53.1-3.el7_9.i686.rpm nss-devel-3.53.1-3.el7_9.x86_64.rpm nss-softokn-3.53.1-6.el7_9.i686.rpm nss-softokn-3.53.1-6.el7_9.x86_64.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm nss-softokn-devel-3.53.1-6.el7_9.i686.rpm nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm nss-softokn-freebl-3.53.1-6.el7_9.i686.rpm nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.i686.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm nss-sysinit-3.53.1-3.el7_9.x86_64.rpm nss-tools-3.53.1-3.el7_9.x86_64.rpm nss-util-3.53.1-1.el7_9.i686.rpm nss-util-3.53.1-1.el7_9.x86_64.rpm nss-util-debuginfo-3.53.1-1.el7_9.i686.rpm nss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm nss-util-devel-3.53.1-1.el7_9.i686.rpm nss-util-devel-3.53.1-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: nss-debuginfo-3.53.1-3.el7_9.ppc.rpm nss-debuginfo-3.53.1-3.el7_9.ppc64.rpm nss-pkcs11-devel-3.53.1-3.el7_9.ppc.rpm nss-pkcs11-devel-3.53.1-3.el7_9.ppc64.rpm

ppc64le: nss-debuginfo-3.53.1-3.el7_9.ppc64le.rpm nss-pkcs11-devel-3.53.1-3.el7_9.ppc64le.rpm

s390x: nss-debuginfo-3.53.1-3.el7_9.s390.rpm nss-debuginfo-3.53.1-3.el7_9.s390x.rpm nss-pkcs11-devel-3.53.1-3.el7_9.s390.rpm nss-pkcs11-devel-3.53.1-3.el7_9.s390x.rpm

x86_64: nss-debuginfo-3.53.1-3.el7_9.i686.rpm nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm nss-pkcs11-devel-3.53.1-3.el7_9.i686.rpm nss-pkcs11-devel-3.53.1-3.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: nspr-4.25.0-2.el7_9.src.rpm nss-3.53.1-3.el7_9.src.rpm nss-softokn-3.53.1-6.el7_9.src.rpm nss-util-3.53.1-1.el7_9.src.rpm

x86_64: nspr-4.25.0-2.el7_9.i686.rpm nspr-4.25.0-2.el7_9.x86_64.rpm nspr-debuginfo-4.25.0-2.el7_9.i686.rpm nspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm nspr-devel-4.25.0-2.el7_9.i686.rpm nspr-devel-4.25.0-2.el7_9.x86_64.rpm nss-3.53.1-3.el7_9.i686.rpm nss-3.53.1-3.el7_9.x86_64.rpm nss-debuginfo-3.53.1-3.el7_9.i686.rpm nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm nss-devel-3.53.1-3.el7_9.i686.rpm nss-devel-3.53.1-3.el7_9.x86_64.rpm nss-softokn-3.53.1-6.el7_9.i686.rpm nss-softokn-3.53.1-6.el7_9.x86_64.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm nss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm nss-softokn-devel-3.53.1-6.el7_9.i686.rpm nss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm nss-softokn-freebl-3.53.1-6.el7_9.i686.rpm nss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.i686.rpm nss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm nss-sysinit-3.53.1-3.el7_9.x86_64.rpm nss-tools-3.53.1-3.el7_9.x86_64.rpm nss-util-3.53.1-1.el7_9.i686.rpm nss-util-3.53.1-1.el7_9.x86_64.rpm nss-util-debuginfo-3.53.1-1.el7_9.i686.rpm nss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm nss-util-devel-3.53.1-1.el7_9.i686.rpm nss-util-devel-3.53.1-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: nss-debuginfo-3.53.1-3.el7_9.i686.rpm nss-debuginfo-3.53.1-3.el7_9.x86_64.rpm nss-pkcs11-devel-3.53.1-3.el7_9.i686.rpm nss-pkcs11-devel-3.53.1-3.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2019-11719 https://access.redhat.com/security/cve/CVE-2019-11727 https://access.redhat.com/security/cve/CVE-2019-11756 https://access.redhat.com/security/cve/CVE-2019-17006 https://access.redhat.com/security/cve/CVE-2019-17023 https://access.redhat.com/security/cve/CVE-2020-6829 https://access.redhat.com/security/cve/CVE-2020-12400 https://access.redhat.com/security/cve/CVE-2020-12401 https://access.redhat.com/security/cve/CVE-2020-12402 https://access.redhat.com/security/cve/CVE-2020-12403 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBX3Ok2NzjgjWX9erEAQidHRAAn/wr+iQpt5b54IqKwTLgtnBpRshAWWk1 9xIvejwv+oMhbvULKuTeiCKZetFXErAZcyPYwChDt2X5ZoGUxsIUAAx8pphKaScM 7dLXSGqgYNtduYmBAc2XlDIk244sYednkJ12uK6AjIgtY93wPcrk7wR9wbMF6xKL 9YjsfdKso7bN3vIx43idBVvgs2yArnFYhzCu7azIHxnuiDu9QC1KUomAhEjLlFFk vjsbxL32eb/XFQ6pizoO2Nn3ZREejnAOlTu9U0Hc/u4FxRTns+HcVx6GIA+yNNMO Hfbq1cKzshd7yowumhvatQNjtddmI8pHpW78KVJPma9t8IuoegXAwsXhti39dmtG mWcT0k+1ve+f9MIjY0FpZSFZycyUnmRf+bSstBwsoTL0hHe3RLOEYWulJMZGLyyg yCE36KONSTBo2SoNUMKVlWEIFVvEs9ixq0gzr9tGtGtYra5/GZ0MZntUM2zDwX6N Kd9i7BrjujmL+x0hdjHxGd8BbIf0DO7xOrKyB6IhRu+8MO2qoQayQ3dzyzJixH4z HMk5J5qMHcC2PVxLcKyIbKerm00ZY3ZNarxYdRHmJoX7xV2K69PiPv+2+82k8138 3OVEJSsjfckX2/tinighYNX8HsTtLG8+G1THzF5oRqCS9+T6lBsoorpL+X+YqJNQ eHKv0fAxZzA=Zbhx -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, ppc64le, s390x, x86_64

  1. (BZ#1854564)

  2. nss needs to comply to the new SP800-56A rev 3 requirements (BZ#1855825)

Enhancement(s):

  • [RFE] nss should use AES for storage of keys (BZ#1723819)

  • [rhel-8.2.0.z]

  • Description:

  • Updated python-psutil version to 5.6.6 inside ansible-runner container (CVE-2019-18874)

  • Bugs fixed (https://bugzilla.redhat.com/):

1772014 - CVE-2019-18874 python-psutil: double free because of refcount mishandling

5

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202010-0251",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "hci management node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "solidfire",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "hci compute node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "network security services",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mozilla",
        "version": "3.46"
      },
      {
        "model": "hci storage node",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "netapp",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-17006"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "161706"
      },
      {
        "db": "PACKETSTORM",
        "id": "162026"
      },
      {
        "db": "PACKETSTORM",
        "id": "161727"
      },
      {
        "db": "PACKETSTORM",
        "id": "159553"
      },
      {
        "db": "PACKETSTORM",
        "id": "159396"
      },
      {
        "db": "PACKETSTORM",
        "id": "158724"
      },
      {
        "db": "PACKETSTORM",
        "id": "159552"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2019-17006",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-17006",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-17006",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-17006",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201912-1134",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-17006",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-17006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1134"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17006"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2:3.42.1-1+deb10u3. \n\nFor the detailed security status of nss please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nss\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8R6BYACgkQEMKTtsN8\nTjbolg/9H3VC4r4Wmc8A4OejmH67QEZqyhzCxvd4UCpvLTJuY9JOYGy3KVhClnsz\nXDTqyQ8k5ez7OQt5HLy3giLJpMKUSYuSDJSbK0A3DTO5bKVg17Uol5X6RA7Coz/2\nyJRRWH03dTfRoqaWQ8xHigBChTxMdYhkvh6433DzLpbuj+FV77FcivjTxZB2zFrp\ntHuvzN9exI4+aZCFAZPyRFct0vYHpHCP8qzgD+FMflInzBAARFPjnx8+c50+Hlp2\ncB/Iq3L5EiE5T1azAAD8fgKqEGnF9OHjWxBONhXqXwhvnKKqfrLIpMf+oBvr8OEZ\nrKZElK0wQb6z24vDiDxFR8C8EuigYpV3YDsWwu3V8M71igw8DJseHQ/UnC4dT/Y3\nQTtNtcWcheM5qiOnkiHCCZsybglI6NbdxPwfnhv9ltnunipFPtE8A56QQuOXGIcc\n4P/5tRlRwAVSy+JZVCbJu7jrBe/y02RYXb6Sv5hZ0iqUAZadiFlJC0WdvWAOLJsL\nZ/IrRkH7KMwchOAxp5NY6qHfxXHKjFvfahglFkDsaYoEwVROKjhG5idn3NVCc656\ntP5rcl1dQY4LHQZEESgps86uJGy9+8NpHHU9v9fqFZNlkBfYBWTZv0otzssOwPfu\nQIq7f2J77JHM8ldYzmfDVQnWBnKpnjc/B8UmvaaAkEM73N3MPu0=\n=VQPA\n-----END PGP SIGNATURE-----\n. =========================================================================\nUbuntu Security Notice USN-4231-1\nJanuary 08, 2020\n\nnss vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 19.10\n- Ubuntu 19.04\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nNSS could be made to execute arbitrary code if it received a specially\ncrafted input. An\nattacker could possibly use this issue to execute arbitrary code. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 19.10:\n  libnss3                         2:3.45-1ubuntu2.2\n\nUbuntu 19.04:\n  libnss3                         2:3.42-1ubuntu2.5\n\nUbuntu 18.04 LTS:\n  libnss3                         2:3.35-2ubuntu2.7\n\nUbuntu 16.04 LTS:\n  libnss3                         2:3.28.4-0ubuntu0.16.04.10\n\nUbuntu 14.04 ESM:\n  libnss3                         2:3.28.4-0ubuntu0.14.04.5+esm4\n\nUbuntu 12.04 ESM:\n  libnss3                         2:3.28.4-0ubuntu0.12.04.7\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. 7.7) - ppc64, ppc64le, s390x, x86_64\n\n3. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page\n1828406 - CVE-2020-11022 jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method\n1850004 - CVE-2020-11023 jquery: Passing HTML containing \u003coption\u003e elements to manipulation methods could result in untrusted code execution\n1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection\n1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: nss and nspr security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2020:4076-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2020:4076\nIssue date:        2020-09-29\nCVE Names:         CVE-2019-11719 CVE-2019-11727 CVE-2019-11756\n                   CVE-2019-17006 CVE-2019-17023 CVE-2020-6829\n                   CVE-2020-12400 CVE-2020-12401 CVE-2020-12402\n                   CVE-2020-12403\n====================================================================\n1. Summary:\n\nAn update for nss, nss-softokn, nss-util, and nspr is now available for Red\nHat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. \n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. \n\nThe following packages have been upgraded to a later upstream version: nss\n(3.53.1), nss-softokn (3.53.1), nss-util (3.53.1), nspr (4.25.0). \n(BZ#1804262, BZ#1804264, BZ#1804271, BZ#1804273)\n\nSecurity Fix(es):\n\n* nss: Out-of-bounds read when importing curve25519 private key\n(CVE-2019-11719)\n\n* nss: Use-after-free in sftk_FreeSession due to improper refcounting\n(CVE-2019-11756)\n\n* nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)\n\n* nss: Side channel attack on ECDSA signature generation (CVE-2020-6829)\n\n* nss: P-384 and P-521 implementation uses a side-channel vulnerable\nmodular inversion function (CVE-2020-12400)\n\n* nss: ECDSA timing attack mitigation bypass (CVE-2020-12401)\n\n* nss: Side channel vulnerabilities during RSA key generation\n(CVE-2020-12402)\n\n* nss: CHACHA20-POLY1305 decryption with undersized tag leads to\nout-of-bounds read (CVE-2020-12403)\n\n* nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 (CVE-2019-11727)\n\n* nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid\nstate (CVE-2019-17023)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Memory leak: libcurl leaks 120 bytes on each connection (BZ#1688958)\n\n* NSS does not set downgrade sentinel in ServerHello.random for TLS 1.0 and\nTLS 1.1 (BZ#1712924)\n\n* Make TLS 1.3 work in FIPS mode (BZ#1724251)\n\n* Name Constraints validation: CN treated as DNS name even when\nsyntactically invalid as DNS name (BZ#1737910)\n\n* x25519 allowed in FIPS mode (BZ#1754518)\n\n* When NSS_SDB_USE_CACHE not set, after curl access https, dentry increase\nbut never released - consider alternative algorithm for benchmarking ACCESS\ncall in sdb_measureAccess (BZ#1779325)\n\n* Running ipa-backup continuously causes httpd to crash and makes it\nirrecoverable (BZ#1804015)\n\n* nss needs to comply to the new SP800-56A rev 3 requirements (BZ#1857308)\n\n* KDF-self-tests-induced changes for nss in RHEL 7.9 (BZ#1870885)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, applications using NSS or NSPR (for example,\nFirefox) must be restarted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1688958 - Memory leak: libcurl leaks 120 bytes on each connection [rhel-7.9.z]\n1724251 - Make TLS 1.3 work in FIPS mode [rhel-7.9.z]\n1728436 - CVE-2019-11719 nss: Out-of-bounds read when importing curve25519 private key\n1730988 - CVE-2019-11727 nss: PKCS#1 v1.5 signatures can be used for TLS 1.3\n1737910 - Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name [rhel-7.9.z]\n1774835 - CVE-2019-11756 nss: Use-after-free in sftk_FreeSession due to improper refcounting\n1775916 - CVE-2019-17006 nss: Check length of inputs for cryptographic primitives\n1779325 - when NSS_SDB_USE_CACHE not set, after curl access https, dentry increase but never released - consider alternative algorithm for benchmarking ACCESS call in sdb_measureAccess\n1791225 - CVE-2019-17023 nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state\n1804015 - Running ipa-backup continuously causes httpd to crash and makes it irrecoverable\n1826187 - CVE-2020-6829 nss: Side channel attack on ECDSA signature generation\n1826231 - CVE-2020-12402 nss: Side channel vulnerabilities during RSA key generation\n1851294 - CVE-2020-12401 nss: ECDSA timing attack mitigation bypass\n1853983 - CVE-2020-12400 nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function\n1868931 - CVE-2020-12403 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read\n1870885 - KDF-self-tests-induced changes for nss in RHEL 7.9\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nnspr-4.25.0-2.el7_9.src.rpm\nnss-3.53.1-3.el7_9.src.rpm\nnss-softokn-3.53.1-6.el7_9.src.rpm\nnss-util-3.53.1-1.el7_9.src.rpm\n\nx86_64:\nnspr-4.25.0-2.el7_9.i686.rpm\nnspr-4.25.0-2.el7_9.x86_64.rpm\nnspr-debuginfo-4.25.0-2.el7_9.i686.rpm\nnspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm\nnss-3.53.1-3.el7_9.i686.rpm\nnss-3.53.1-3.el7_9.x86_64.rpm\nnss-debuginfo-3.53.1-3.el7_9.i686.rpm\nnss-debuginfo-3.53.1-3.el7_9.x86_64.rpm\nnss-softokn-3.53.1-6.el7_9.i686.rpm\nnss-softokn-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-freebl-3.53.1-6.el7_9.i686.rpm\nnss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm\nnss-sysinit-3.53.1-3.el7_9.x86_64.rpm\nnss-tools-3.53.1-3.el7_9.x86_64.rpm\nnss-util-3.53.1-1.el7_9.i686.rpm\nnss-util-3.53.1-1.el7_9.x86_64.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.i686.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nnspr-debuginfo-4.25.0-2.el7_9.i686.rpm\nnspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm\nnspr-devel-4.25.0-2.el7_9.i686.rpm\nnspr-devel-4.25.0-2.el7_9.x86_64.rpm\nnss-debuginfo-3.53.1-3.el7_9.i686.rpm\nnss-debuginfo-3.53.1-3.el7_9.x86_64.rpm\nnss-devel-3.53.1-3.el7_9.i686.rpm\nnss-devel-3.53.1-3.el7_9.x86_64.rpm\nnss-pkcs11-devel-3.53.1-3.el7_9.i686.rpm\nnss-pkcs11-devel-3.53.1-3.el7_9.x86_64.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-devel-3.53.1-6.el7_9.i686.rpm\nnss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-freebl-devel-3.53.1-6.el7_9.i686.rpm\nnss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.i686.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm\nnss-util-devel-3.53.1-1.el7_9.i686.rpm\nnss-util-devel-3.53.1-1.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nnspr-4.25.0-2.el7_9.src.rpm\nnss-3.53.1-3.el7_9.src.rpm\nnss-softokn-3.53.1-6.el7_9.src.rpm\nnss-util-3.53.1-1.el7_9.src.rpm\n\nx86_64:\nnspr-4.25.0-2.el7_9.i686.rpm\nnspr-4.25.0-2.el7_9.x86_64.rpm\nnspr-debuginfo-4.25.0-2.el7_9.i686.rpm\nnspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm\nnss-3.53.1-3.el7_9.i686.rpm\nnss-3.53.1-3.el7_9.x86_64.rpm\nnss-debuginfo-3.53.1-3.el7_9.i686.rpm\nnss-debuginfo-3.53.1-3.el7_9.x86_64.rpm\nnss-softokn-3.53.1-6.el7_9.i686.rpm\nnss-softokn-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-freebl-3.53.1-6.el7_9.i686.rpm\nnss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm\nnss-sysinit-3.53.1-3.el7_9.x86_64.rpm\nnss-tools-3.53.1-3.el7_9.x86_64.rpm\nnss-util-3.53.1-1.el7_9.i686.rpm\nnss-util-3.53.1-1.el7_9.x86_64.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.i686.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nnspr-debuginfo-4.25.0-2.el7_9.i686.rpm\nnspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm\nnspr-devel-4.25.0-2.el7_9.i686.rpm\nnspr-devel-4.25.0-2.el7_9.x86_64.rpm\nnss-debuginfo-3.53.1-3.el7_9.i686.rpm\nnss-debuginfo-3.53.1-3.el7_9.x86_64.rpm\nnss-devel-3.53.1-3.el7_9.i686.rpm\nnss-devel-3.53.1-3.el7_9.x86_64.rpm\nnss-pkcs11-devel-3.53.1-3.el7_9.i686.rpm\nnss-pkcs11-devel-3.53.1-3.el7_9.x86_64.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-devel-3.53.1-6.el7_9.i686.rpm\nnss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-freebl-devel-3.53.1-6.el7_9.i686.rpm\nnss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.i686.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm\nnss-util-devel-3.53.1-1.el7_9.i686.rpm\nnss-util-devel-3.53.1-1.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nnspr-4.25.0-2.el7_9.src.rpm\nnss-3.53.1-3.el7_9.src.rpm\nnss-softokn-3.53.1-6.el7_9.src.rpm\nnss-util-3.53.1-1.el7_9.src.rpm\n\nppc64:\nnspr-4.25.0-2.el7_9.ppc.rpm\nnspr-4.25.0-2.el7_9.ppc64.rpm\nnspr-debuginfo-4.25.0-2.el7_9.ppc.rpm\nnspr-debuginfo-4.25.0-2.el7_9.ppc64.rpm\nnspr-devel-4.25.0-2.el7_9.ppc.rpm\nnspr-devel-4.25.0-2.el7_9.ppc64.rpm\nnss-3.53.1-3.el7_9.ppc.rpm\nnss-3.53.1-3.el7_9.ppc64.rpm\nnss-debuginfo-3.53.1-3.el7_9.ppc.rpm\nnss-debuginfo-3.53.1-3.el7_9.ppc64.rpm\nnss-devel-3.53.1-3.el7_9.ppc.rpm\nnss-devel-3.53.1-3.el7_9.ppc64.rpm\nnss-softokn-3.53.1-6.el7_9.ppc.rpm\nnss-softokn-3.53.1-6.el7_9.ppc64.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.ppc.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.ppc64.rpm\nnss-softokn-devel-3.53.1-6.el7_9.ppc.rpm\nnss-softokn-devel-3.53.1-6.el7_9.ppc64.rpm\nnss-softokn-freebl-3.53.1-6.el7_9.ppc.rpm\nnss-softokn-freebl-3.53.1-6.el7_9.ppc64.rpm\nnss-softokn-freebl-devel-3.53.1-6.el7_9.ppc.rpm\nnss-softokn-freebl-devel-3.53.1-6.el7_9.ppc64.rpm\nnss-sysinit-3.53.1-3.el7_9.ppc64.rpm\nnss-tools-3.53.1-3.el7_9.ppc64.rpm\nnss-util-3.53.1-1.el7_9.ppc.rpm\nnss-util-3.53.1-1.el7_9.ppc64.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.ppc.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.ppc64.rpm\nnss-util-devel-3.53.1-1.el7_9.ppc.rpm\nnss-util-devel-3.53.1-1.el7_9.ppc64.rpm\n\nppc64le:\nnspr-4.25.0-2.el7_9.ppc64le.rpm\nnspr-debuginfo-4.25.0-2.el7_9.ppc64le.rpm\nnspr-devel-4.25.0-2.el7_9.ppc64le.rpm\nnss-3.53.1-3.el7_9.ppc64le.rpm\nnss-debuginfo-3.53.1-3.el7_9.ppc64le.rpm\nnss-devel-3.53.1-3.el7_9.ppc64le.rpm\nnss-softokn-3.53.1-6.el7_9.ppc64le.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.ppc64le.rpm\nnss-softokn-devel-3.53.1-6.el7_9.ppc64le.rpm\nnss-softokn-freebl-3.53.1-6.el7_9.ppc64le.rpm\nnss-softokn-freebl-devel-3.53.1-6.el7_9.ppc64le.rpm\nnss-sysinit-3.53.1-3.el7_9.ppc64le.rpm\nnss-tools-3.53.1-3.el7_9.ppc64le.rpm\nnss-util-3.53.1-1.el7_9.ppc64le.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.ppc64le.rpm\nnss-util-devel-3.53.1-1.el7_9.ppc64le.rpm\n\ns390x:\nnspr-4.25.0-2.el7_9.s390.rpm\nnspr-4.25.0-2.el7_9.s390x.rpm\nnspr-debuginfo-4.25.0-2.el7_9.s390.rpm\nnspr-debuginfo-4.25.0-2.el7_9.s390x.rpm\nnspr-devel-4.25.0-2.el7_9.s390.rpm\nnspr-devel-4.25.0-2.el7_9.s390x.rpm\nnss-3.53.1-3.el7_9.s390.rpm\nnss-3.53.1-3.el7_9.s390x.rpm\nnss-debuginfo-3.53.1-3.el7_9.s390.rpm\nnss-debuginfo-3.53.1-3.el7_9.s390x.rpm\nnss-devel-3.53.1-3.el7_9.s390.rpm\nnss-devel-3.53.1-3.el7_9.s390x.rpm\nnss-softokn-3.53.1-6.el7_9.s390.rpm\nnss-softokn-3.53.1-6.el7_9.s390x.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.s390.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.s390x.rpm\nnss-softokn-devel-3.53.1-6.el7_9.s390.rpm\nnss-softokn-devel-3.53.1-6.el7_9.s390x.rpm\nnss-softokn-freebl-3.53.1-6.el7_9.s390.rpm\nnss-softokn-freebl-3.53.1-6.el7_9.s390x.rpm\nnss-softokn-freebl-devel-3.53.1-6.el7_9.s390.rpm\nnss-softokn-freebl-devel-3.53.1-6.el7_9.s390x.rpm\nnss-sysinit-3.53.1-3.el7_9.s390x.rpm\nnss-tools-3.53.1-3.el7_9.s390x.rpm\nnss-util-3.53.1-1.el7_9.s390.rpm\nnss-util-3.53.1-1.el7_9.s390x.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.s390.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.s390x.rpm\nnss-util-devel-3.53.1-1.el7_9.s390.rpm\nnss-util-devel-3.53.1-1.el7_9.s390x.rpm\n\nx86_64:\nnspr-4.25.0-2.el7_9.i686.rpm\nnspr-4.25.0-2.el7_9.x86_64.rpm\nnspr-debuginfo-4.25.0-2.el7_9.i686.rpm\nnspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm\nnspr-devel-4.25.0-2.el7_9.i686.rpm\nnspr-devel-4.25.0-2.el7_9.x86_64.rpm\nnss-3.53.1-3.el7_9.i686.rpm\nnss-3.53.1-3.el7_9.x86_64.rpm\nnss-debuginfo-3.53.1-3.el7_9.i686.rpm\nnss-debuginfo-3.53.1-3.el7_9.x86_64.rpm\nnss-devel-3.53.1-3.el7_9.i686.rpm\nnss-devel-3.53.1-3.el7_9.x86_64.rpm\nnss-softokn-3.53.1-6.el7_9.i686.rpm\nnss-softokn-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-devel-3.53.1-6.el7_9.i686.rpm\nnss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-freebl-3.53.1-6.el7_9.i686.rpm\nnss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-freebl-devel-3.53.1-6.el7_9.i686.rpm\nnss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm\nnss-sysinit-3.53.1-3.el7_9.x86_64.rpm\nnss-tools-3.53.1-3.el7_9.x86_64.rpm\nnss-util-3.53.1-1.el7_9.i686.rpm\nnss-util-3.53.1-1.el7_9.x86_64.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.i686.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm\nnss-util-devel-3.53.1-1.el7_9.i686.rpm\nnss-util-devel-3.53.1-1.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nnss-debuginfo-3.53.1-3.el7_9.ppc.rpm\nnss-debuginfo-3.53.1-3.el7_9.ppc64.rpm\nnss-pkcs11-devel-3.53.1-3.el7_9.ppc.rpm\nnss-pkcs11-devel-3.53.1-3.el7_9.ppc64.rpm\n\nppc64le:\nnss-debuginfo-3.53.1-3.el7_9.ppc64le.rpm\nnss-pkcs11-devel-3.53.1-3.el7_9.ppc64le.rpm\n\ns390x:\nnss-debuginfo-3.53.1-3.el7_9.s390.rpm\nnss-debuginfo-3.53.1-3.el7_9.s390x.rpm\nnss-pkcs11-devel-3.53.1-3.el7_9.s390.rpm\nnss-pkcs11-devel-3.53.1-3.el7_9.s390x.rpm\n\nx86_64:\nnss-debuginfo-3.53.1-3.el7_9.i686.rpm\nnss-debuginfo-3.53.1-3.el7_9.x86_64.rpm\nnss-pkcs11-devel-3.53.1-3.el7_9.i686.rpm\nnss-pkcs11-devel-3.53.1-3.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nnspr-4.25.0-2.el7_9.src.rpm\nnss-3.53.1-3.el7_9.src.rpm\nnss-softokn-3.53.1-6.el7_9.src.rpm\nnss-util-3.53.1-1.el7_9.src.rpm\n\nx86_64:\nnspr-4.25.0-2.el7_9.i686.rpm\nnspr-4.25.0-2.el7_9.x86_64.rpm\nnspr-debuginfo-4.25.0-2.el7_9.i686.rpm\nnspr-debuginfo-4.25.0-2.el7_9.x86_64.rpm\nnspr-devel-4.25.0-2.el7_9.i686.rpm\nnspr-devel-4.25.0-2.el7_9.x86_64.rpm\nnss-3.53.1-3.el7_9.i686.rpm\nnss-3.53.1-3.el7_9.x86_64.rpm\nnss-debuginfo-3.53.1-3.el7_9.i686.rpm\nnss-debuginfo-3.53.1-3.el7_9.x86_64.rpm\nnss-devel-3.53.1-3.el7_9.i686.rpm\nnss-devel-3.53.1-3.el7_9.x86_64.rpm\nnss-softokn-3.53.1-6.el7_9.i686.rpm\nnss-softokn-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.i686.rpm\nnss-softokn-debuginfo-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-devel-3.53.1-6.el7_9.i686.rpm\nnss-softokn-devel-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-freebl-3.53.1-6.el7_9.i686.rpm\nnss-softokn-freebl-3.53.1-6.el7_9.x86_64.rpm\nnss-softokn-freebl-devel-3.53.1-6.el7_9.i686.rpm\nnss-softokn-freebl-devel-3.53.1-6.el7_9.x86_64.rpm\nnss-sysinit-3.53.1-3.el7_9.x86_64.rpm\nnss-tools-3.53.1-3.el7_9.x86_64.rpm\nnss-util-3.53.1-1.el7_9.i686.rpm\nnss-util-3.53.1-1.el7_9.x86_64.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.i686.rpm\nnss-util-debuginfo-3.53.1-1.el7_9.x86_64.rpm\nnss-util-devel-3.53.1-1.el7_9.i686.rpm\nnss-util-devel-3.53.1-1.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nnss-debuginfo-3.53.1-3.el7_9.i686.rpm\nnss-debuginfo-3.53.1-3.el7_9.x86_64.rpm\nnss-pkcs11-devel-3.53.1-3.el7_9.i686.rpm\nnss-pkcs11-devel-3.53.1-3.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-11719\nhttps://access.redhat.com/security/cve/CVE-2019-11727\nhttps://access.redhat.com/security/cve/CVE-2019-11756\nhttps://access.redhat.com/security/cve/CVE-2019-17006\nhttps://access.redhat.com/security/cve/CVE-2019-17023\nhttps://access.redhat.com/security/cve/CVE-2020-6829\nhttps://access.redhat.com/security/cve/CVE-2020-12400\nhttps://access.redhat.com/security/cve/CVE-2020-12401\nhttps://access.redhat.com/security/cve/CVE-2020-12402\nhttps://access.redhat.com/security/cve/CVE-2020-12403\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX3Ok2NzjgjWX9erEAQidHRAAn/wr+iQpt5b54IqKwTLgtnBpRshAWWk1\n9xIvejwv+oMhbvULKuTeiCKZetFXErAZcyPYwChDt2X5ZoGUxsIUAAx8pphKaScM\n7dLXSGqgYNtduYmBAc2XlDIk244sYednkJ12uK6AjIgtY93wPcrk7wR9wbMF6xKL\n9YjsfdKso7bN3vIx43idBVvgs2yArnFYhzCu7azIHxnuiDu9QC1KUomAhEjLlFFk\nvjsbxL32eb/XFQ6pizoO2Nn3ZREejnAOlTu9U0Hc/u4FxRTns+HcVx6GIA+yNNMO\nHfbq1cKzshd7yowumhvatQNjtddmI8pHpW78KVJPma9t8IuoegXAwsXhti39dmtG\nmWcT0k+1ve+f9MIjY0FpZSFZycyUnmRf+bSstBwsoTL0hHe3RLOEYWulJMZGLyyg\nyCE36KONSTBo2SoNUMKVlWEIFVvEs9ixq0gzr9tGtGtYra5/GZ0MZntUM2zDwX6N\nKd9i7BrjujmL+x0hdjHxGd8BbIf0DO7xOrKyB6IhRu+8MO2qoQayQ3dzyzJixH4z\nHMk5J5qMHcC2PVxLcKyIbKerm00ZY3ZNarxYdRHmJoX7xV2K69PiPv+2+82k8138\n3OVEJSsjfckX2/tinighYNX8HsTtLG8+G1THzF5oRqCS9+T6lBsoorpL+X+YqJNQ\neHKv0fAxZzA=Zbhx\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. (BZ#1854564)\n\n* nss needs to comply to the new SP800-56A rev 3 requirements (BZ#1855825)\n\nEnhancement(s):\n\n* [RFE] nss should use AES for storage of keys (BZ#1723819)\n\n4. [rhel-8.2.0.z]\n\n6. Description:\n\n* Updated python-psutil version to 5.6.6 inside ansible-runner container\n(CVE-2019-18874)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1772014 - CVE-2019-18874 python-psutil: double free because of refcount mishandling\n\n5",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-17006"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-17006"
      },
      {
        "db": "PACKETSTORM",
        "id": "168879"
      },
      {
        "db": "PACKETSTORM",
        "id": "155889"
      },
      {
        "db": "PACKETSTORM",
        "id": "161706"
      },
      {
        "db": "PACKETSTORM",
        "id": "162026"
      },
      {
        "db": "PACKETSTORM",
        "id": "161727"
      },
      {
        "db": "PACKETSTORM",
        "id": "159553"
      },
      {
        "db": "PACKETSTORM",
        "id": "159396"
      },
      {
        "db": "PACKETSTORM",
        "id": "158724"
      },
      {
        "db": "PACKETSTORM",
        "id": "159552"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-17006",
        "trust": 2.6
      },
      {
        "db": "SIEMENS",
        "id": "SSA-379803",
        "trust": 1.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-040-04",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "155889",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "161706",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "162026",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "159553",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "159396",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "158724",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0491",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3355",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3535",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2604",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2650",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0072",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0933",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3461",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1193",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0053",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0834",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.2446",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0986",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0136",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.0001",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3631",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1091",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1207",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "162130",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "161916",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "162142",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "159661",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "159497",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "161842",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021071301",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021043017",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1134",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-17006",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "168879",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161727",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "159552",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-17006"
      },
      {
        "db": "PACKETSTORM",
        "id": "168879"
      },
      {
        "db": "PACKETSTORM",
        "id": "155889"
      },
      {
        "db": "PACKETSTORM",
        "id": "161706"
      },
      {
        "db": "PACKETSTORM",
        "id": "162026"
      },
      {
        "db": "PACKETSTORM",
        "id": "161727"
      },
      {
        "db": "PACKETSTORM",
        "id": "159553"
      },
      {
        "db": "PACKETSTORM",
        "id": "159396"
      },
      {
        "db": "PACKETSTORM",
        "id": "158724"
      },
      {
        "db": "PACKETSTORM",
        "id": "159552"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1134"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17006"
      }
    ]
  },
  "id": "VAR-202010-0251",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.52540106
  },
  "last_update_date": "2024-11-29T22:08:41.474000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Mozilla Network Security Services Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105845"
      },
      {
        "title": "Ubuntu Security Notice: nss vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4231-1"
      },
      {
        "title": "Red Hat: Moderate: nss and nspr security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20203280 - Security Advisory"
      },
      {
        "title": "IBM: Security Bulletin:  A security vulnerabilitiy has been fixed in IBM Security Identity Manager Virtual Appliance(CVE-2019-17006)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=a91447c5697ecfb6bbab6f4cf67cb949"
      },
      {
        "title": "Red Hat: Moderate: nss and nspr security, bug fix, and enhancement update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204076 - Security Advisory"
      },
      {
        "title": "Debian Security Advisories: DSA-4726-1 nss -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=2610caa3eacc40f97585be7c579718bd"
      },
      {
        "title": "Red Hat: Low: OpenShift Virtualization 2.4.2 Images",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204201 - Security Advisory"
      },
      {
        "title": "IBM: Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=52844442ae85845bde006e7f0170408e"
      },
      {
        "title": "Red Hat: Moderate: security update - Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204255 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204254 - Security Advisory"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=409c1cd1b8ef401020956950fd839000"
      },
      {
        "title": "Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20204264 - Security Advisory"
      },
      {
        "title": "zot",
        "trust": 0.1,
        "url": "https://github.com/anuvu/zot "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-17006"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1134"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-17006"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
      },
      {
        "trust": 1.7,
        "url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.46_release_notes"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788"
      },
      {
        "trust": 1.7,
        "url": "https://security.netapp.com/advisory/ntap-20210129-0001/"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17006"
      },
      {
        "trust": 1.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-17006"
      },
      {
        "trust": 0.7,
        "url": "https://usn.ubuntu.com/4231-1/"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/cve/cve-2019-11756"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11756"
      },
      {
        "trust": 0.7,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.7,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17023"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2020-12403"
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193395-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.debian.org/lts/security/2020/dla-2058"
      },
      {
        "trust": 0.6,
        "url": "https://www.suse.com/support/update/announcement/2020/suse-su-20200088-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3535/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/155889/ubuntu-security-notice-usn-4231-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159396/red-hat-security-advisory-2020-4076-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0072/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0136/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1207"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0834"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0933"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-a-security-vulnerabilitiy-has-been-fixed-in-ibm-security-identity-manager-virtual-appliancecve-2019-17006/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2019-17006-cve-2019-17023-cve-2020-12403/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-in-nss-and-nspr-cve-2019-17006/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3355/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1091"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1193"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159497/red-hat-security-advisory-2020-4201-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159553/red-hat-security-advisory-2020-4255-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-security-vulnerabilities-7/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0986"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/mozilla-nss-buffer-overflow-via-cryptographic-primitives-31248"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0053/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021071301"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/158724/red-hat-security-advisory-2020-3280-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2650/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.0001/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2604"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0491"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161706/red-hat-security-advisory-2021-0758-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.2446/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/159661/red-hat-security-advisory-2020-4264-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021043017"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2019-17006-cve-2019-17023-cve-2020-12403-2/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161916/red-hat-security-advisory-2021-0949-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162142/red-hat-security-advisory-2021-1079-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161842/red-hat-security-advisory-2021-0876-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3461/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3631/"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-appliance-is-affected-by-multiple-mozilla-firefox-vulnerabilities/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162026/red-hat-security-advisory-2021-1026-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162130/red-hat-security-advisory-2021-1129-01.html"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2019-17023"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2020-12402"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12402"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12403"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-12401"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-11719"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-6829"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12400"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2020-12400"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-11727"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11719"
      },
      {
        "trust": 0.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11727"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-12749"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-7595"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388"
      },
      {
        "trust": 0.3,
        "url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12749"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-14866"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-20388"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2020-12243"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12243"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-15903"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-19956"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2019-17498"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17498"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2018-20843"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12401"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5188"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2017-12652"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-19126"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1240"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-20386"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-18874"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12450"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17546"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14973"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-17546"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-14822"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12652"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14822"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20386"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18874"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-14365"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5094"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-5188"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-16935"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19126"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-5094"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-5482"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-14973"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5482"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-5313"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2019-12450"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/345.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/111311"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12399"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/nss"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4231-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nss/2:3.45-1ubuntu2.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nss/2:3.42-1ubuntu2.5"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nss/2:3.35-2ubuntu2.7"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.16.04.10"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0758"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:1026"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12723"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20907"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11023"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1971"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10878"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20228"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20253"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11023"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0778"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11022"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12723"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20191"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1971"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20180"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2016-5766"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20178"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-5766"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20372"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11022"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-35678"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:4255"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:4076"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6829"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:3280"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:4254"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-17006"
      },
      {
        "db": "PACKETSTORM",
        "id": "168879"
      },
      {
        "db": "PACKETSTORM",
        "id": "155889"
      },
      {
        "db": "PACKETSTORM",
        "id": "161706"
      },
      {
        "db": "PACKETSTORM",
        "id": "162026"
      },
      {
        "db": "PACKETSTORM",
        "id": "161727"
      },
      {
        "db": "PACKETSTORM",
        "id": "159553"
      },
      {
        "db": "PACKETSTORM",
        "id": "159396"
      },
      {
        "db": "PACKETSTORM",
        "id": "158724"
      },
      {
        "db": "PACKETSTORM",
        "id": "159552"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1134"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17006"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2019-17006"
      },
      {
        "db": "PACKETSTORM",
        "id": "168879"
      },
      {
        "db": "PACKETSTORM",
        "id": "155889"
      },
      {
        "db": "PACKETSTORM",
        "id": "161706"
      },
      {
        "db": "PACKETSTORM",
        "id": "162026"
      },
      {
        "db": "PACKETSTORM",
        "id": "161727"
      },
      {
        "db": "PACKETSTORM",
        "id": "159553"
      },
      {
        "db": "PACKETSTORM",
        "id": "159396"
      },
      {
        "db": "PACKETSTORM",
        "id": "158724"
      },
      {
        "db": "PACKETSTORM",
        "id": "159552"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1134"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17006"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-17006"
      },
      {
        "date": "2020-07-28T19:12:00",
        "db": "PACKETSTORM",
        "id": "168879"
      },
      {
        "date": "2020-01-09T15:06:17",
        "db": "PACKETSTORM",
        "id": "155889"
      },
      {
        "date": "2021-03-09T15:56:20",
        "db": "PACKETSTORM",
        "id": "161706"
      },
      {
        "date": "2021-03-30T14:29:43",
        "db": "PACKETSTORM",
        "id": "162026"
      },
      {
        "date": "2021-03-09T16:25:11",
        "db": "PACKETSTORM",
        "id": "161727"
      },
      {
        "date": "2020-10-14T16:52:18",
        "db": "PACKETSTORM",
        "id": "159553"
      },
      {
        "date": "2020-09-30T15:50:53",
        "db": "PACKETSTORM",
        "id": "159396"
      },
      {
        "date": "2020-08-03T17:14:53",
        "db": "PACKETSTORM",
        "id": "158724"
      },
      {
        "date": "2020-10-14T16:52:12",
        "db": "PACKETSTORM",
        "id": "159552"
      },
      {
        "date": "2019-12-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-1134"
      },
      {
        "date": "2020-10-22T21:15:12.560000",
        "db": "NVD",
        "id": "CVE-2019-17006"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-17006"
      },
      {
        "date": "2021-08-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-1134"
      },
      {
        "date": "2024-11-21T04:31:31.573000",
        "db": "NVD",
        "id": "CVE-2019-17006"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1134"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mozilla NSS Data forgery problem vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1134"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "data forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-1134"
      }
    ],
    "trust": 0.6
  }
}

var-202207-0541
Vulnerability from variot

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < 2.15.1), RUGGEDCOM ROX MX5000RE (All versions < 2.15.1), RUGGEDCOM ROX RX1400 (All versions < 2.15.1), RUGGEDCOM ROX RX1500 (All versions < 2.15.1), RUGGEDCOM ROX RX1501 (All versions < 2.15.1), RUGGEDCOM ROX RX1510 (All versions < 2.15.1), RUGGEDCOM ROX RX1511 (All versions < 2.15.1), RUGGEDCOM ROX RX1512 (All versions < 2.15.1), RUGGEDCOM ROX RX1524 (All versions < 2.15.1), RUGGEDCOM ROX RX1536 (All versions < 2.15.1), RUGGEDCOM ROX RX5000 (All versions < 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user. RUGGEDCOM ROX RX1500 firmware, RUGGEDCOM ROX RX1501 firmware, RUGGEDCOM ROX RX1510 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0541",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.1"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.1"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.1"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.1"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.1"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.1"
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.1"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.1"
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.1"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.1"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.15.1"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013270"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29560"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Michael Messner of Siemens Energy reported this vulnerability to Siemens.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-839"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2022-29560",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2022-29560",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "id": "CVE-2022-29560",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.2,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2022-29560",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-29560",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-29560",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202207-839",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-29560",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-29560"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013270"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-839"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29560"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c 2.15.1), RUGGEDCOM ROX MX5000RE (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1400 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1500 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1501 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1510 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1511 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1512 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1524 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1536 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX5000 (All versions \u003c 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user. RUGGEDCOM ROX RX1500 firmware, RUGGEDCOM ROX RX1501 firmware, RUGGEDCOM ROX RX1510 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-29560"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013270"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-29560"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-29560",
        "trust": 3.3
      },
      {
        "db": "SIEMENS",
        "id": "SSA-599506",
        "trust": 2.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-22-195-05",
        "trust": 1.5
      },
      {
        "db": "JVN",
        "id": "JVNVU97764115",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013270",
        "trust": 0.8
      },
      {
        "db": "CS-HELP",
        "id": "SB2022071334",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-839",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-29560",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-29560"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013270"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-839"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29560"
      }
    ]
  },
  "id": "VAR-202207-0541",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.57411168
  },
  "last_update_date": "2024-08-14T13:42:37.052000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Siemens RUGGEDCOM ROX Repairs for Series Command Injection Vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=201839"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-839"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-77",
        "trust": 1.0
      },
      {
        "problemtype": "Command injection (CWE-77) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013270"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29560"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu97764115/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-29560"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-195-05"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2022071334"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/siemens-ruggedcom-rox-privilege-escalation-38774"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-29560/"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-195-05"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/77.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-195-05"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2022-29560"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013270"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-839"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29560"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2022-29560"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013270"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-839"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-29560"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-29560"
      },
      {
        "date": "2023-09-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-013270"
      },
      {
        "date": "2022-07-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202207-839"
      },
      {
        "date": "2022-07-12T10:15:10.493000",
        "db": "NVD",
        "id": "CVE-2022-29560"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-29560"
      },
      {
        "date": "2023-09-06T08:24:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-013270"
      },
      {
        "date": "2022-07-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202207-839"
      },
      {
        "date": "2022-07-19T18:12:33.017000",
        "db": "NVD",
        "id": "CVE-2022-29560"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-839"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Command injection vulnerability in multiple Siemens products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-013270"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "command injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202207-839"
      }
    ],
    "trust": 0.6
  }
}

var-202307-0591
Vulnerability from variot

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The install-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments.

Siemens RUGGEDCOM ROX has a command injection vulnerability. The vulnerability stems from the lack of server-side input validation

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0591",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60610"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021734"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36751"
      }
    ]
  },
  "cve": "CVE-2023-36751",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2023-60610",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "id": "CVE-2023-36751",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "productcert@siemens.com",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.3,
            "id": "CVE-2023-36751",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.2,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2023-36751",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-36751",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2023-36751",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-36751",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2023-60610",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202307-735",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60610"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021734"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-735"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36751"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36751"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The install-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments. \n\r\n\r\nSiemens RUGGEDCOM ROX has a command injection vulnerability. The vulnerability stems from the lack of server-side input validation",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-36751"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021734"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-60610"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36751"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-36751",
        "trust": 3.9
      },
      {
        "db": "SIEMENS",
        "id": "SSA-146325",
        "trust": 3.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-194-01",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95292697",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021734",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-60610",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-735",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36751",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60610"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36751"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021734"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-735"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36751"
      }
    ]
  },
  "id": "VAR-202307-0591",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60610"
      }
    ],
    "trust": 1.17411168
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60610"
      }
    ]
  },
  "last_update_date": "2024-08-14T13:00:11.408000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Siemens RUGGEDCOM ROX Command Injection Vulnerability (CNVD-2023-60610)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/449056"
      },
      {
        "title": "Siemens RUGGEDCOM ROX A series of products Fixes for command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=246658"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60610"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-735"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-77",
        "trust": 1.0
      },
      {
        "problemtype": "Command injection (CWE-77) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021734"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36751"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95292697/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36751"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01"
      },
      {
        "trust": 0.6,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2023-36751/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60610"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36751"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021734"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-735"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36751"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60610"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36751"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021734"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-735"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36751"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-60610"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-36751"
      },
      {
        "date": "2024-01-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-021734"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-735"
      },
      {
        "date": "2023-07-11T10:15:11.233000",
        "db": "NVD",
        "id": "CVE-2023-36751"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-60610"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-36751"
      },
      {
        "date": "2024-01-19T08:07:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-021734"
      },
      {
        "date": "2023-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-735"
      },
      {
        "date": "2023-07-18T18:34:49.170000",
        "db": "NVD",
        "id": "CVE-2023-36751"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-735"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Command injection vulnerability in multiple Siemens products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021734"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "command injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-735"
      }
    ],
    "trust": 0.6
  }
}

var-202307-0585
Vulnerability from variot

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an “invalid params element name” error on the action parameters. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0585",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55709"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021749"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36390"
      }
    ]
  },
  "cve": "CVE-2023-36390",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2023-55709",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-36390",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "productcert@siemens.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2023-36390",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2023-36390",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-36390",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2023-36390",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-36390",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2023-55709",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202307-741",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55709"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021749"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-741"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36390"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36390"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response\r\nwithout sanitization while throwing an \u201cinvalid params element name\u201d error on the action parameters. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-36390"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021749"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-55709"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36390"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-36390",
        "trust": 3.9
      },
      {
        "db": "SIEMENS",
        "id": "SSA-146325",
        "trust": 3.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-194-01",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95292697",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021749",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-55709",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-741",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36390",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55709"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36390"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021749"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-741"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36390"
      }
    ]
  },
  "id": "VAR-202307-0585",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55709"
      }
    ],
    "trust": 1.17411168
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55709"
      }
    ]
  },
  "last_update_date": "2024-08-14T12:27:44.429000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Siemens RUGGEDCOM ROX cross-site scripting vulnerability (CNVD-2023-55709)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/440301"
      },
      {
        "title": "Siemens RUGGEDCOM ROX A series of products Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=246663"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55709"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-741"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.0
      },
      {
        "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021749"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36390"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95292697/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36390"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01"
      },
      {
        "trust": 0.6,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2023-36390/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55709"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36390"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021749"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-741"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36390"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-55709"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36390"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021749"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-741"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36390"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-07-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-55709"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-36390"
      },
      {
        "date": "2024-01-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-021749"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-741"
      },
      {
        "date": "2023-07-11T10:15:10.827000",
        "db": "NVD",
        "id": "CVE-2023-36390"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-07-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-55709"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-36390"
      },
      {
        "date": "2024-01-19T08:08:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-021749"
      },
      {
        "date": "2023-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-741"
      },
      {
        "date": "2023-07-18T16:53:10.417000",
        "db": "NVD",
        "id": "CVE-2023-36390"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-741"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting vulnerability in multiple Siemens products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021749"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-741"
      }
    ],
    "trust": 0.6
  }
}

var-202010-0252
Vulnerability from variot

In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service. ========================================================================= Ubuntu Security Notice USN-4215-1 December 09, 2019

nss vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.04
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 ESM
  • Ubuntu 12.04 ESM

Summary:

NSS could be made to crash if it received a specially crafted certificate. An attacker could possibly use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.04: libnss3 2:3.42-1ubuntu2.4

Ubuntu 18.04 LTS: libnss3 2:3.35-2ubuntu2.6

Ubuntu 16.04 LTS: libnss3 2:3.28.4-0ubuntu0.16.04.9

Ubuntu 14.04 ESM: libnss3 2:3.28.4-0ubuntu0.14.04.5+esm3

Ubuntu 12.04 ESM: libnss3 2:3.28.4-0ubuntu0.12.04.6

After a standard system update you need to reboot your computer to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: nss and nss-softokn security update Advisory ID: RHSA-2021:0876-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0876 Issue date: 2021-03-16 CVE Names: CVE-2019-11756 CVE-2019-17006 CVE-2019-17007 CVE-2020-12403 ==================================================================== 1. Summary:

An update for nss and nss-softokn is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x

  1. Description:

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Security Fix(es):

  • nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756)

  • nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)

  • nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS (CVE-2019-17007)

  • nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, applications using NSS (for example, Firefox) must be restarted for this update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1703979 - CVE-2019-17007 nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS 1774835 - CVE-2019-11756 nss: Use-after-free in sftk_FreeSession due to improper refcounting 1775916 - CVE-2019-17006 nss: Check length of inputs for cryptographic primitives 1868931 - CVE-2020-12403 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read

  1. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.6):

Source: nss-3.36.0-9.el7_6.src.rpm nss-softokn-3.36.0-7.el7_6.src.rpm

x86_64: nss-3.36.0-9.el7_6.i686.rpm nss-3.36.0-9.el7_6.x86_64.rpm nss-debuginfo-3.36.0-9.el7_6.i686.rpm nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm nss-softokn-3.36.0-7.el7_6.i686.rpm nss-softokn-3.36.0-7.el7_6.x86_64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm nss-softokn-freebl-3.36.0-7.el7_6.i686.rpm nss-softokn-freebl-3.36.0-7.el7_6.x86_64.rpm nss-sysinit-3.36.0-9.el7_6.x86_64.rpm nss-tools-3.36.0-9.el7_6.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6):

x86_64: nss-debuginfo-3.36.0-9.el7_6.i686.rpm nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm nss-devel-3.36.0-9.el7_6.i686.rpm nss-devel-3.36.0-9.el7_6.x86_64.rpm nss-pkcs11-devel-3.36.0-9.el7_6.i686.rpm nss-pkcs11-devel-3.36.0-9.el7_6.x86_64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm nss-softokn-devel-3.36.0-7.el7_6.i686.rpm nss-softokn-devel-3.36.0-7.el7_6.x86_64.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.i686.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.6):

Source: nss-3.36.0-9.el7_6.src.rpm nss-softokn-3.36.0-7.el7_6.src.rpm

ppc64: nss-3.36.0-9.el7_6.ppc.rpm nss-3.36.0-9.el7_6.ppc64.rpm nss-debuginfo-3.36.0-9.el7_6.ppc.rpm nss-debuginfo-3.36.0-9.el7_6.ppc64.rpm nss-devel-3.36.0-9.el7_6.ppc.rpm nss-devel-3.36.0-9.el7_6.ppc64.rpm nss-softokn-3.36.0-7.el7_6.ppc.rpm nss-softokn-3.36.0-7.el7_6.ppc64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.ppc.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.ppc64.rpm nss-softokn-devel-3.36.0-7.el7_6.ppc.rpm nss-softokn-devel-3.36.0-7.el7_6.ppc64.rpm nss-softokn-freebl-3.36.0-7.el7_6.ppc.rpm nss-softokn-freebl-3.36.0-7.el7_6.ppc64.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.ppc.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64.rpm nss-sysinit-3.36.0-9.el7_6.ppc64.rpm nss-tools-3.36.0-9.el7_6.ppc64.rpm

ppc64le: nss-3.36.0-9.el7_6.ppc64le.rpm nss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm nss-devel-3.36.0-9.el7_6.ppc64le.rpm nss-softokn-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-devel-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-freebl-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64le.rpm nss-sysinit-3.36.0-9.el7_6.ppc64le.rpm nss-tools-3.36.0-9.el7_6.ppc64le.rpm

s390x: nss-3.36.0-9.el7_6.s390.rpm nss-3.36.0-9.el7_6.s390x.rpm nss-debuginfo-3.36.0-9.el7_6.s390.rpm nss-debuginfo-3.36.0-9.el7_6.s390x.rpm nss-devel-3.36.0-9.el7_6.s390.rpm nss-devel-3.36.0-9.el7_6.s390x.rpm nss-softokn-3.36.0-7.el7_6.s390.rpm nss-softokn-3.36.0-7.el7_6.s390x.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.s390.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.s390x.rpm nss-softokn-devel-3.36.0-7.el7_6.s390.rpm nss-softokn-devel-3.36.0-7.el7_6.s390x.rpm nss-softokn-freebl-3.36.0-7.el7_6.s390.rpm nss-softokn-freebl-3.36.0-7.el7_6.s390x.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.s390.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.s390x.rpm nss-sysinit-3.36.0-9.el7_6.s390x.rpm nss-tools-3.36.0-9.el7_6.s390x.rpm

x86_64: nss-3.36.0-9.el7_6.i686.rpm nss-3.36.0-9.el7_6.x86_64.rpm nss-debuginfo-3.36.0-9.el7_6.i686.rpm nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm nss-devel-3.36.0-9.el7_6.i686.rpm nss-devel-3.36.0-9.el7_6.x86_64.rpm nss-softokn-3.36.0-7.el7_6.i686.rpm nss-softokn-3.36.0-7.el7_6.x86_64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm nss-softokn-devel-3.36.0-7.el7_6.i686.rpm nss-softokn-devel-3.36.0-7.el7_6.x86_64.rpm nss-softokn-freebl-3.36.0-7.el7_6.i686.rpm nss-softokn-freebl-3.36.0-7.el7_6.x86_64.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.i686.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.x86_64.rpm nss-sysinit-3.36.0-9.el7_6.x86_64.rpm nss-tools-3.36.0-9.el7_6.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):

Source: nss-3.36.0-9.el7_6.src.rpm nss-softokn-3.36.0-7.el7_6.src.rpm

aarch64: nss-3.36.0-9.el7_6.aarch64.rpm nss-debuginfo-3.36.0-9.el7_6.aarch64.rpm nss-devel-3.36.0-9.el7_6.aarch64.rpm nss-softokn-3.36.0-7.el7_6.aarch64.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.aarch64.rpm nss-softokn-devel-3.36.0-7.el7_6.aarch64.rpm nss-softokn-freebl-3.36.0-7.el7_6.aarch64.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.aarch64.rpm nss-sysinit-3.36.0-9.el7_6.aarch64.rpm nss-tools-3.36.0-9.el7_6.aarch64.rpm

ppc64le: nss-3.36.0-9.el7_6.ppc64le.rpm nss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm nss-devel-3.36.0-9.el7_6.ppc64le.rpm nss-softokn-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-devel-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-freebl-3.36.0-7.el7_6.ppc64le.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64le.rpm nss-sysinit-3.36.0-9.el7_6.ppc64le.rpm nss-tools-3.36.0-9.el7_6.ppc64le.rpm

s390x: nss-3.36.0-9.el7_6.s390.rpm nss-3.36.0-9.el7_6.s390x.rpm nss-debuginfo-3.36.0-9.el7_6.s390.rpm nss-debuginfo-3.36.0-9.el7_6.s390x.rpm nss-devel-3.36.0-9.el7_6.s390.rpm nss-devel-3.36.0-9.el7_6.s390x.rpm nss-softokn-3.36.0-7.el7_6.s390.rpm nss-softokn-3.36.0-7.el7_6.s390x.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.s390.rpm nss-softokn-debuginfo-3.36.0-7.el7_6.s390x.rpm nss-softokn-devel-3.36.0-7.el7_6.s390.rpm nss-softokn-devel-3.36.0-7.el7_6.s390x.rpm nss-softokn-freebl-3.36.0-7.el7_6.s390.rpm nss-softokn-freebl-3.36.0-7.el7_6.s390x.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.s390.rpm nss-softokn-freebl-devel-3.36.0-7.el7_6.s390x.rpm nss-sysinit-3.36.0-9.el7_6.s390x.rpm nss-tools-3.36.0-9.el7_6.s390x.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.6):

ppc64: nss-debuginfo-3.36.0-9.el7_6.ppc.rpm nss-debuginfo-3.36.0-9.el7_6.ppc64.rpm nss-pkcs11-devel-3.36.0-9.el7_6.ppc.rpm nss-pkcs11-devel-3.36.0-9.el7_6.ppc64.rpm

ppc64le: nss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm nss-pkcs11-devel-3.36.0-9.el7_6.ppc64le.rpm

s390x: nss-debuginfo-3.36.0-9.el7_6.s390.rpm nss-debuginfo-3.36.0-9.el7_6.s390x.rpm nss-pkcs11-devel-3.36.0-9.el7_6.s390.rpm nss-pkcs11-devel-3.36.0-9.el7_6.s390x.rpm

x86_64: nss-debuginfo-3.36.0-9.el7_6.i686.rpm nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm nss-pkcs11-devel-3.36.0-9.el7_6.i686.rpm nss-pkcs11-devel-3.36.0-9.el7_6.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):

aarch64: nss-debuginfo-3.36.0-9.el7_6.aarch64.rpm nss-pkcs11-devel-3.36.0-9.el7_6.aarch64.rpm

ppc64le: nss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm nss-pkcs11-devel-3.36.0-9.el7_6.ppc64le.rpm

s390x: nss-debuginfo-3.36.0-9.el7_6.s390.rpm nss-debuginfo-3.36.0-9.el7_6.s390x.rpm nss-pkcs11-devel-3.36.0-9.el7_6.s390.rpm nss-pkcs11-devel-3.36.0-9.el7_6.s390x.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2019-11756 https://access.redhat.com/security/cve/CVE-2019-17006 https://access.redhat.com/security/cve/CVE-2019-17007 https://access.redhat.com/security/cve/CVE-2020-12403 https://access.redhat.com/security/updates/classification/#moderate

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBYFDHndzjgjWX9erEAQhc7BAAkp67Ydt2JQVRfRhv2NUd0sjnWReLTvdP jCz5vIgKz8JIgmz/bc5I1MR8ZCSObdbsUEiv0exapuYneLNru//0dMGL2dv7Fkn5 Em5+ZuvLuDUq9id8TOOd5igNjBeJGKy4dJV46AXtgUHARHbiU5jcmOcCetkBY09J o0bK4wDc6YjvUBANaAQH/sWznAT+BNmtOeF00seAbIgic0m76HidFSQzcq8I+vtm mttqgZvz3+xYitS/63Z4AQofI3VFGX46CHZxekI7N1hIpML7QjiZw4gk8QgdpRWn wLtr661MIse/iS0l+4ZvQoWx5diuVwXudfGmisEXhsWtx79m8JSFNavmxSK9dvJ5 5F6K275OTX2W1GSUgU4IrKxWaLoBPQlC4yT36c4827qosGBjgufGyExgmqnTyQyR iobqDMUHq5RgjNsHNCzrm7CKAgwTUgyuN5QLoXwOsqxPfMt1uL8TI1Q5ULyuPJ+b 8IxbIPGgCZM/haNchD9Xoo1rDieT1JOtQNTfknss91AIQZH30n7i6F6/l8K7GJ16 1sFPnNI7aISjvhu/+jfgNpkoFi6Qyda5a8jSceWpY1yf83/jsxVpKMqgcoTf416z IFzoYxQqa0AM1efVfgtL1vnoAXw8yPt0PjXfcMUYWltIGbgO15L/hJZ6bCUu8FT6 BbaFUBBSJpw=m1vv -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce .

For the stable distribution (buster), these problems have been fixed in version 2:3.42.1-1+deb10u2.

We recommend that you upgrade your nss packages.

For the detailed security status of nss please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nss

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl3qzaYACgkQEMKTtsN8 TjZ7yg//SABSzXoip0pAHIT9lNxDFNL44E27iqRWeurCyfxnQNvNaeShakiTj1Yj sSb2pqo0+gGLsUgtQdKKc8yeOERvuihWRoVDroW7onYG93vpsZ1H8Z7HSEJOGMQl Bt/HcjayCfXrA313/B5SBTiKE/Ks4CvYQvk+BrFwjFEUoYhXzxXwfUIxym1L8+gq jG3Qsh38iOFhrXfXBe2PGaUGU6AVcS/BGTam31s1g54mta4a+obIbvvQu3MGHJLH UTTcVPy7PhK5dofufbJXo1QGqfgdLxsvZAqhcyU1cXBZa7k18Ykts9jKukwoDZV0 hR2jISnOddovQWdPWLqz/ENOTIkY8Ue5/cPIaQ+I9tAL2JOBHBmddP+WeqBxpO8o DpP+4EILROZQ5g+WjLT1Twsje3NJQYx6z7YmXo/0N0ELM+81Sono1wKTgegVBa0F 8eET2FDW45sKFOGV1QTTI5F1mSmgSHiTdtVl/riuzdWrdig8316dByz994dZD+Co TgMiALJWwiVDY6XHHrPwzmvqNoqlcUvNgh4v7tRkTL/YjlHxD+x8R08sRaVo5gqz Z4CyLaP1ByO0X/i4dkuVtD5kIX9GlqLRYkUSnOBhwaoPr7ZgZBCnJfyQixsME1L5 yOg6+j//ncYos+KWeb1upZdUHHB340UmTxbEtECa7jfanMcrtpw= =QZmZ -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202010-0252",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "network security services",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mozilla",
        "version": "3.44"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "network security services",
        "scope": null,
        "trust": 0.8,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016069"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17007"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ubuntu,Debian,Red Hat",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-023"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-17007",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2019-17007",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-17007",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2019-17007",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-17007",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-17007",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201912-023",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-17007",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-17007"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016069"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-023"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17007"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service. =========================================================================\nUbuntu Security Notice USN-4215-1\nDecember 09, 2019\n\nnss vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 19.04\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nNSS could be made to crash if it received a specially crafted certificate. \nAn attacker could possibly use this issue to cause a denial of service. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 19.04:\n  libnss3                         2:3.42-1ubuntu2.4\n\nUbuntu 18.04 LTS:\n  libnss3                         2:3.35-2ubuntu2.6\n\nUbuntu 16.04 LTS:\n  libnss3                         2:3.28.4-0ubuntu0.16.04.9\n\nUbuntu 14.04 ESM:\n  libnss3                         2:3.28.4-0ubuntu0.14.04.5+esm3\n\nUbuntu 12.04 ESM:\n  libnss3                         2:3.28.4-0ubuntu0.12.04.6\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Moderate: nss and nss-softokn security update\nAdvisory ID:       RHSA-2021:0876-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:0876\nIssue date:        2021-03-16\nCVE Names:         CVE-2019-11756 CVE-2019-17006 CVE-2019-17007\n                   CVE-2020-12403\n====================================================================\n1. Summary:\n\nAn update for nss and nss-softokn is now available for Red Hat Enterprise\nLinux 7.6 Extended Update Support. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x\n\n3. Description:\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. \n\nSecurity Fix(es):\n\n* nss: Use-after-free in sftk_FreeSession due to improper refcounting\n(CVE-2019-11756)\n\n* nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)\n\n* nss: Handling of Netscape Certificate Sequences in\nCERT_DecodeCertPackage() may crash with a NULL deref leading to DoS\n(CVE-2019-17007)\n\n* nss: CHACHA20-POLY1305 decryption with undersized tag leads to\nout-of-bounds read (CVE-2020-12403)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, applications using NSS (for example, Firefox)\nmust be restarted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1703979 - CVE-2019-17007 nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS\n1774835 - CVE-2019-11756 nss: Use-after-free in sftk_FreeSession due to improper refcounting\n1775916 - CVE-2019-17006 nss: Check length of inputs for cryptographic primitives\n1868931 - CVE-2020-12403 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read\n\n6. Package List:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.6):\n\nSource:\nnss-3.36.0-9.el7_6.src.rpm\nnss-softokn-3.36.0-7.el7_6.src.rpm\n\nx86_64:\nnss-3.36.0-9.el7_6.i686.rpm\nnss-3.36.0-9.el7_6.x86_64.rpm\nnss-debuginfo-3.36.0-9.el7_6.i686.rpm\nnss-debuginfo-3.36.0-9.el7_6.x86_64.rpm\nnss-softokn-3.36.0-7.el7_6.i686.rpm\nnss-softokn-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.i686.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.x86_64.rpm\nnss-sysinit-3.36.0-9.el7_6.x86_64.rpm\nnss-tools-3.36.0-9.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6):\n\nx86_64:\nnss-debuginfo-3.36.0-9.el7_6.i686.rpm\nnss-debuginfo-3.36.0-9.el7_6.x86_64.rpm\nnss-devel-3.36.0-9.el7_6.i686.rpm\nnss-devel-3.36.0-9.el7_6.x86_64.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.i686.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.x86_64.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-devel-3.36.0-7.el7_6.i686.rpm\nnss-softokn-devel-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.i686.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nnss-3.36.0-9.el7_6.src.rpm\nnss-softokn-3.36.0-7.el7_6.src.rpm\n\nppc64:\nnss-3.36.0-9.el7_6.ppc.rpm\nnss-3.36.0-9.el7_6.ppc64.rpm\nnss-debuginfo-3.36.0-9.el7_6.ppc.rpm\nnss-debuginfo-3.36.0-9.el7_6.ppc64.rpm\nnss-devel-3.36.0-9.el7_6.ppc.rpm\nnss-devel-3.36.0-9.el7_6.ppc64.rpm\nnss-softokn-3.36.0-7.el7_6.ppc.rpm\nnss-softokn-3.36.0-7.el7_6.ppc64.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.ppc.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.ppc64.rpm\nnss-softokn-devel-3.36.0-7.el7_6.ppc.rpm\nnss-softokn-devel-3.36.0-7.el7_6.ppc64.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.ppc.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.ppc64.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.ppc.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64.rpm\nnss-sysinit-3.36.0-9.el7_6.ppc64.rpm\nnss-tools-3.36.0-9.el7_6.ppc64.rpm\n\nppc64le:\nnss-3.36.0-9.el7_6.ppc64le.rpm\nnss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm\nnss-devel-3.36.0-9.el7_6.ppc64le.rpm\nnss-softokn-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-devel-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64le.rpm\nnss-sysinit-3.36.0-9.el7_6.ppc64le.rpm\nnss-tools-3.36.0-9.el7_6.ppc64le.rpm\n\ns390x:\nnss-3.36.0-9.el7_6.s390.rpm\nnss-3.36.0-9.el7_6.s390x.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390x.rpm\nnss-devel-3.36.0-9.el7_6.s390.rpm\nnss-devel-3.36.0-9.el7_6.s390x.rpm\nnss-softokn-3.36.0-7.el7_6.s390.rpm\nnss-softokn-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.s390.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-devel-3.36.0-7.el7_6.s390.rpm\nnss-softokn-devel-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.s390.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.s390.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.s390x.rpm\nnss-sysinit-3.36.0-9.el7_6.s390x.rpm\nnss-tools-3.36.0-9.el7_6.s390x.rpm\n\nx86_64:\nnss-3.36.0-9.el7_6.i686.rpm\nnss-3.36.0-9.el7_6.x86_64.rpm\nnss-debuginfo-3.36.0-9.el7_6.i686.rpm\nnss-debuginfo-3.36.0-9.el7_6.x86_64.rpm\nnss-devel-3.36.0-9.el7_6.i686.rpm\nnss-devel-3.36.0-9.el7_6.x86_64.rpm\nnss-softokn-3.36.0-7.el7_6.i686.rpm\nnss-softokn-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-devel-3.36.0-7.el7_6.i686.rpm\nnss-softokn-devel-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.i686.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.x86_64.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.i686.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.x86_64.rpm\nnss-sysinit-3.36.0-9.el7_6.x86_64.rpm\nnss-tools-3.36.0-9.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\nnss-3.36.0-9.el7_6.src.rpm\nnss-softokn-3.36.0-7.el7_6.src.rpm\n\naarch64:\nnss-3.36.0-9.el7_6.aarch64.rpm\nnss-debuginfo-3.36.0-9.el7_6.aarch64.rpm\nnss-devel-3.36.0-9.el7_6.aarch64.rpm\nnss-softokn-3.36.0-7.el7_6.aarch64.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.aarch64.rpm\nnss-softokn-devel-3.36.0-7.el7_6.aarch64.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.aarch64.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.aarch64.rpm\nnss-sysinit-3.36.0-9.el7_6.aarch64.rpm\nnss-tools-3.36.0-9.el7_6.aarch64.rpm\n\nppc64le:\nnss-3.36.0-9.el7_6.ppc64le.rpm\nnss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm\nnss-devel-3.36.0-9.el7_6.ppc64le.rpm\nnss-softokn-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-devel-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.ppc64le.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64le.rpm\nnss-sysinit-3.36.0-9.el7_6.ppc64le.rpm\nnss-tools-3.36.0-9.el7_6.ppc64le.rpm\n\ns390x:\nnss-3.36.0-9.el7_6.s390.rpm\nnss-3.36.0-9.el7_6.s390x.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390x.rpm\nnss-devel-3.36.0-9.el7_6.s390.rpm\nnss-devel-3.36.0-9.el7_6.s390x.rpm\nnss-softokn-3.36.0-7.el7_6.s390.rpm\nnss-softokn-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.s390.rpm\nnss-softokn-debuginfo-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-devel-3.36.0-7.el7_6.s390.rpm\nnss-softokn-devel-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.s390.rpm\nnss-softokn-freebl-3.36.0-7.el7_6.s390x.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.s390.rpm\nnss-softokn-freebl-devel-3.36.0-7.el7_6.s390x.rpm\nnss-sysinit-3.36.0-9.el7_6.s390x.rpm\nnss-tools-3.36.0-9.el7_6.s390x.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 7.6):\n\nppc64:\nnss-debuginfo-3.36.0-9.el7_6.ppc.rpm\nnss-debuginfo-3.36.0-9.el7_6.ppc64.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.ppc.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.ppc64.rpm\n\nppc64le:\nnss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.ppc64le.rpm\n\ns390x:\nnss-debuginfo-3.36.0-9.el7_6.s390.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390x.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.s390.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.s390x.rpm\n\nx86_64:\nnss-debuginfo-3.36.0-9.el7_6.i686.rpm\nnss-debuginfo-3.36.0-9.el7_6.x86_64.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.i686.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\nnss-debuginfo-3.36.0-9.el7_6.aarch64.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.aarch64.rpm\n\nppc64le:\nnss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.ppc64le.rpm\n\ns390x:\nnss-debuginfo-3.36.0-9.el7_6.s390.rpm\nnss-debuginfo-3.36.0-9.el7_6.s390x.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.s390.rpm\nnss-pkcs11-devel-3.36.0-9.el7_6.s390x.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-11756\nhttps://access.redhat.com/security/cve/CVE-2019-17006\nhttps://access.redhat.com/security/cve/CVE-2019-17007\nhttps://access.redhat.com/security/cve/CVE-2020-12403\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYFDHndzjgjWX9erEAQhc7BAAkp67Ydt2JQVRfRhv2NUd0sjnWReLTvdP\njCz5vIgKz8JIgmz/bc5I1MR8ZCSObdbsUEiv0exapuYneLNru//0dMGL2dv7Fkn5\nEm5+ZuvLuDUq9id8TOOd5igNjBeJGKy4dJV46AXtgUHARHbiU5jcmOcCetkBY09J\no0bK4wDc6YjvUBANaAQH/sWznAT+BNmtOeF00seAbIgic0m76HidFSQzcq8I+vtm\nmttqgZvz3+xYitS/63Z4AQofI3VFGX46CHZxekI7N1hIpML7QjiZw4gk8QgdpRWn\nwLtr661MIse/iS0l+4ZvQoWx5diuVwXudfGmisEXhsWtx79m8JSFNavmxSK9dvJ5\n5F6K275OTX2W1GSUgU4IrKxWaLoBPQlC4yT36c4827qosGBjgufGyExgmqnTyQyR\niobqDMUHq5RgjNsHNCzrm7CKAgwTUgyuN5QLoXwOsqxPfMt1uL8TI1Q5ULyuPJ+b\n8IxbIPGgCZM/haNchD9Xoo1rDieT1JOtQNTfknss91AIQZH30n7i6F6/l8K7GJ16\n1sFPnNI7aISjvhu/+jfgNpkoFi6Qyda5a8jSceWpY1yf83/jsxVpKMqgcoTf416z\nIFzoYxQqa0AM1efVfgtL1vnoAXw8yPt0PjXfcMUYWltIGbgO15L/hJZ6bCUu8FT6\nBbaFUBBSJpw=m1vv\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. \n    \nFor the stable distribution (buster), these problems have been fixed in\nversion 2:3.42.1-1+deb10u2. \n\nWe recommend that you upgrade your nss packages. \n\nFor the detailed security status of nss please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nss\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl3qzaYACgkQEMKTtsN8\nTjZ7yg//SABSzXoip0pAHIT9lNxDFNL44E27iqRWeurCyfxnQNvNaeShakiTj1Yj\nsSb2pqo0+gGLsUgtQdKKc8yeOERvuihWRoVDroW7onYG93vpsZ1H8Z7HSEJOGMQl\nBt/HcjayCfXrA313/B5SBTiKE/Ks4CvYQvk+BrFwjFEUoYhXzxXwfUIxym1L8+gq\njG3Qsh38iOFhrXfXBe2PGaUGU6AVcS/BGTam31s1g54mta4a+obIbvvQu3MGHJLH\nUTTcVPy7PhK5dofufbJXo1QGqfgdLxsvZAqhcyU1cXBZa7k18Ykts9jKukwoDZV0\nhR2jISnOddovQWdPWLqz/ENOTIkY8Ue5/cPIaQ+I9tAL2JOBHBmddP+WeqBxpO8o\nDpP+4EILROZQ5g+WjLT1Twsje3NJQYx6z7YmXo/0N0ELM+81Sono1wKTgegVBa0F\n8eET2FDW45sKFOGV1QTTI5F1mSmgSHiTdtVl/riuzdWrdig8316dByz994dZD+Co\nTgMiALJWwiVDY6XHHrPwzmvqNoqlcUvNgh4v7tRkTL/YjlHxD+x8R08sRaVo5gqz\nZ4CyLaP1ByO0X/i4dkuVtD5kIX9GlqLRYkUSnOBhwaoPr7ZgZBCnJfyQixsME1L5\nyOg6+j//ncYos+KWeb1upZdUHHB340UmTxbEtECa7jfanMcrtpw=\n=QZmZ\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-17007"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016069"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-17007"
      },
      {
        "db": "PACKETSTORM",
        "id": "155590"
      },
      {
        "db": "PACKETSTORM",
        "id": "161842"
      },
      {
        "db": "PACKETSTORM",
        "id": "155601"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-17007",
        "trust": 2.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-040-04",
        "trust": 2.4
      },
      {
        "db": "SIEMENS",
        "id": "SSA-379803",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016069",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "155590",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "161842",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "155601",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0491",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2020.3355",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4579",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0933",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.4524",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-023",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-17007",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-17007"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016069"
      },
      {
        "db": "PACKETSTORM",
        "id": "155590"
      },
      {
        "db": "PACKETSTORM",
        "id": "161842"
      },
      {
        "db": "PACKETSTORM",
        "id": "155601"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-023"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17007"
      }
    ]
  },
  "id": "VAR-202010-0252",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.52540106
  },
  "last_update_date": "2024-11-23T20:53:20.793000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-379803",
        "trust": 0.8,
        "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes"
      },
      {
        "title": "Mozilla Network Security Services Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=104251"
      },
      {
        "title": "Ubuntu Security Notice: nss vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4215-1"
      },
      {
        "title": "Debian Security Advisories: DSA-4579-1 nss -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0af759a984821af0886871e7a26a298e"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-17007"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016069"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-023"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-295",
        "trust": 1.0
      },
      {
        "problemtype": "Bad certificate verification (CWE-295) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016069"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17007"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1533216"
      },
      {
        "trust": 1.7,
        "url": "https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.44_release_notes"
      },
      {
        "trust": 1.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17007"
      },
      {
        "trust": 1.6,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
      },
      {
        "trust": 0.6,
        "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00034.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.debian.org/security/2019/dsa-4579"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0491"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/155601/debian-security-advisory-4579-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4524/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.4579/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2020.3355/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/155590/ubuntu-security-notice-usn-4215-1.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161842/red-hat-security-advisory-2021-0876-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0933"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/295.html"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4215-1/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4215-1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nss/2:3.42-1ubuntu2.4"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nss/2:3.35-2ubuntu2.6"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.16.04.9"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12403"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17006"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0876"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17007"
      },
      {
        "trust": 0.1,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17006"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11756"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11756"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12403"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11745"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/nss"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-17007"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016069"
      },
      {
        "db": "PACKETSTORM",
        "id": "155590"
      },
      {
        "db": "PACKETSTORM",
        "id": "161842"
      },
      {
        "db": "PACKETSTORM",
        "id": "155601"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-023"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17007"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2019-17007"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016069"
      },
      {
        "db": "PACKETSTORM",
        "id": "155590"
      },
      {
        "db": "PACKETSTORM",
        "id": "161842"
      },
      {
        "db": "PACKETSTORM",
        "id": "155601"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-023"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-17007"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-22T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-17007"
      },
      {
        "date": "2021-05-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-016069"
      },
      {
        "date": "2019-12-09T15:53:27",
        "db": "PACKETSTORM",
        "id": "155590"
      },
      {
        "date": "2021-03-17T14:35:53",
        "db": "PACKETSTORM",
        "id": "161842"
      },
      {
        "date": "2019-12-09T22:22:22",
        "db": "PACKETSTORM",
        "id": "155601"
      },
      {
        "date": "2019-12-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-023"
      },
      {
        "date": "2020-10-22T21:15:12.637000",
        "db": "NVD",
        "id": "CVE-2019-17007"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-17007"
      },
      {
        "date": "2021-05-12T08:27:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-016069"
      },
      {
        "date": "2021-03-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201912-023"
      },
      {
        "date": "2024-11-21T04:31:31.717000",
        "db": "NVD",
        "id": "CVE-2019-17007"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-023"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Network\u00a0Security\u00a0Services\u00a0 Vulnerability in Certificate Verification",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-016069"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201912-023"
      }
    ],
    "trust": 0.6
  }
}

var-202307-0594
Vulnerability from variot

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments.

Siemens RUGGEDCOM ROX has a command injection vulnerability. The vulnerability stems from the lack of server-side input validation

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0594",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60607"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021731"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36754"
      }
    ]
  },
  "cve": "CVE-2023-36754",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2023-60607",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "id": "CVE-2023-36754",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "productcert@siemens.com",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.3,
            "id": "CVE-2023-36754",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.2,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2023-36754",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-36754",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2023-36754",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-36754",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2023-60607",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202307-732",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60607"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021731"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-732"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36754"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36754"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments. \n\r\n\r\nSiemens RUGGEDCOM ROX has a command injection vulnerability. The vulnerability stems from the lack of server-side input validation",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-36754"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021731"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-60607"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36754"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-36754",
        "trust": 3.9
      },
      {
        "db": "SIEMENS",
        "id": "SSA-146325",
        "trust": 3.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-194-01",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95292697",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021731",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-60607",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-732",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36754",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60607"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36754"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021731"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-732"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36754"
      }
    ]
  },
  "id": "VAR-202307-0594",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60607"
      }
    ],
    "trust": 1.17411168
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60607"
      }
    ]
  },
  "last_update_date": "2024-08-14T12:46:18.755000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Siemens RUGGEDCOM ROX Command Injection Vulnerability (CNVD-2023-60607)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/449036"
      },
      {
        "title": "Siemens RUGGEDCOM ROX A series of products Fixes for command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=246655"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60607"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-732"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-77",
        "trust": 1.0
      },
      {
        "problemtype": "Command injection (CWE-77) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021731"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36754"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95292697/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36754"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01"
      },
      {
        "trust": 0.6,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2023-36754/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60607"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36754"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021731"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-732"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36754"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60607"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36754"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021731"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-732"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36754"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-60607"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-36754"
      },
      {
        "date": "2024-01-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-021731"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-732"
      },
      {
        "date": "2023-07-11T10:15:11.427000",
        "db": "NVD",
        "id": "CVE-2023-36754"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-60607"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-36754"
      },
      {
        "date": "2024-01-19T08:07:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-021731"
      },
      {
        "date": "2023-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-732"
      },
      {
        "date": "2023-07-18T18:48:34.160000",
        "db": "NVD",
        "id": "CVE-2023-36754"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-732"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Command injection vulnerability in multiple Siemens products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021731"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "command injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-732"
      }
    ],
    "trust": 0.6
  }
}

var-202001-1433
Vulnerability from variot

When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. Firefox and Thunderbird Contains an out-of-bounds write vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. ========================================================================= Ubuntu Security Notice USN-4203-2 November 27, 2019

nss vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 ESM
  • Ubuntu 12.04 ESM

Summary:

NSS could be made to crash or run programs if it received specially crafted input. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that NSS incorrectly handled certain memory operations. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-37


                                       https://security.gentoo.org/

Severity: Normal Title: Mozilla Network Security Service: Multiple vulnerabilities Date: March 16, 2020 Bugs: #627534, #676868, #701840 ID: 202003-37


Synopsis

Multiple vulnerabilities have been found in Mozilla Network Security Service (NSS), the worst of which may lead to arbitrary code execution. Please review the CVE identifiers referenced below for details.

Impact

An attacker could execute arbitrary code, cause a Denial of Service condition or have other unspecified impact.

Workaround

There is no known workaround at this time.

Resolution

All Mozilla Network Security Service (NSS) users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/nss-3.49"

References

[ 1 ] CVE-2017-11695 https://nvd.nist.gov/vuln/detail/CVE-2017-11695 [ 2 ] CVE-2017-11696 https://nvd.nist.gov/vuln/detail/CVE-2017-11696 [ 3 ] CVE-2017-11697 https://nvd.nist.gov/vuln/detail/CVE-2017-11697 [ 4 ] CVE-2017-11698 https://nvd.nist.gov/vuln/detail/CVE-2017-11698 [ 5 ] CVE-2018-18508 https://nvd.nist.gov/vuln/detail/CVE-2018-18508 [ 6 ] CVE-2019-11745 https://nvd.nist.gov/vuln/detail/CVE-2019-11745

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202003-37

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: nss, nss-softokn, nss-util security update Advisory ID: RHSA-2019:4190-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:4190 Issue date: 2019-12-10 CVE Names: CVE-2019-11729 CVE-2019-11745 ==================================================================== 1. Summary:

An update for nss, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

  1. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

  1. Description:

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

The nss-softokn package provides the Network Security Services Softoken Cryptographic Module.

The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries.

Security Fix(es):

  • nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745)

  • nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (CVE-2019-11729)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

  1. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, applications using NSS (for example, Firefox) must be restarted for this update to take effect.

  1. Bugs fixed (https://bugzilla.redhat.com/):

1728437 - CVE-2019-11729 nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault 1774831 - CVE-2019-11745 nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate

  1. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source: nss-3.44.0-7.el7_7.src.rpm nss-softokn-3.44.0-8.el7_7.src.rpm nss-util-3.44.0-4.el7_7.src.rpm

x86_64: nss-3.44.0-7.el7_7.i686.rpm nss-3.44.0-7.el7_7.x86_64.rpm nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-softokn-3.44.0-8.el7_7.i686.rpm nss-softokn-3.44.0-8.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm nss-sysinit-3.44.0-7.el7_7.x86_64.rpm nss-tools-3.44.0-7.el7_7.x86_64.rpm nss-util-3.44.0-4.el7_7.i686.rpm nss-util-3.44.0-4.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64: nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-devel-3.44.0-7.el7_7.i686.rpm nss-devel-3.44.0-7.el7_7.x86_64.rpm nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm nss-util-devel-3.44.0-4.el7_7.i686.rpm nss-util-devel-3.44.0-4.el7_7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source: nss-3.44.0-7.el7_7.src.rpm nss-softokn-3.44.0-8.el7_7.src.rpm nss-util-3.44.0-4.el7_7.src.rpm

x86_64: nss-3.44.0-7.el7_7.i686.rpm nss-3.44.0-7.el7_7.x86_64.rpm nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-softokn-3.44.0-8.el7_7.i686.rpm nss-softokn-3.44.0-8.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm nss-sysinit-3.44.0-7.el7_7.x86_64.rpm nss-tools-3.44.0-7.el7_7.x86_64.rpm nss-util-3.44.0-4.el7_7.i686.rpm nss-util-3.44.0-4.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64: nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-devel-3.44.0-7.el7_7.i686.rpm nss-devel-3.44.0-7.el7_7.x86_64.rpm nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm nss-util-devel-3.44.0-4.el7_7.i686.rpm nss-util-devel-3.44.0-4.el7_7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source: nss-3.44.0-7.el7_7.src.rpm nss-softokn-3.44.0-8.el7_7.src.rpm nss-util-3.44.0-4.el7_7.src.rpm

ppc64: nss-3.44.0-7.el7_7.ppc.rpm nss-3.44.0-7.el7_7.ppc64.rpm nss-debuginfo-3.44.0-7.el7_7.ppc.rpm nss-debuginfo-3.44.0-7.el7_7.ppc64.rpm nss-devel-3.44.0-7.el7_7.ppc.rpm nss-devel-3.44.0-7.el7_7.ppc64.rpm nss-softokn-3.44.0-8.el7_7.ppc.rpm nss-softokn-3.44.0-8.el7_7.ppc64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.ppc.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.ppc64.rpm nss-softokn-devel-3.44.0-8.el7_7.ppc.rpm nss-softokn-devel-3.44.0-8.el7_7.ppc64.rpm nss-softokn-freebl-3.44.0-8.el7_7.ppc.rpm nss-softokn-freebl-3.44.0-8.el7_7.ppc64.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.ppc.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.ppc64.rpm nss-sysinit-3.44.0-7.el7_7.ppc64.rpm nss-tools-3.44.0-7.el7_7.ppc64.rpm nss-util-3.44.0-4.el7_7.ppc.rpm nss-util-3.44.0-4.el7_7.ppc64.rpm nss-util-debuginfo-3.44.0-4.el7_7.ppc.rpm nss-util-debuginfo-3.44.0-4.el7_7.ppc64.rpm nss-util-devel-3.44.0-4.el7_7.ppc.rpm nss-util-devel-3.44.0-4.el7_7.ppc64.rpm

ppc64le: nss-3.44.0-7.el7_7.ppc64le.rpm nss-debuginfo-3.44.0-7.el7_7.ppc64le.rpm nss-devel-3.44.0-7.el7_7.ppc64le.rpm nss-softokn-3.44.0-8.el7_7.ppc64le.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.ppc64le.rpm nss-softokn-devel-3.44.0-8.el7_7.ppc64le.rpm nss-softokn-freebl-3.44.0-8.el7_7.ppc64le.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.ppc64le.rpm nss-sysinit-3.44.0-7.el7_7.ppc64le.rpm nss-tools-3.44.0-7.el7_7.ppc64le.rpm nss-util-3.44.0-4.el7_7.ppc64le.rpm nss-util-debuginfo-3.44.0-4.el7_7.ppc64le.rpm nss-util-devel-3.44.0-4.el7_7.ppc64le.rpm

s390x: nss-3.44.0-7.el7_7.s390.rpm nss-3.44.0-7.el7_7.s390x.rpm nss-debuginfo-3.44.0-7.el7_7.s390.rpm nss-debuginfo-3.44.0-7.el7_7.s390x.rpm nss-devel-3.44.0-7.el7_7.s390.rpm nss-devel-3.44.0-7.el7_7.s390x.rpm nss-softokn-3.44.0-8.el7_7.s390.rpm nss-softokn-3.44.0-8.el7_7.s390x.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.s390.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.s390x.rpm nss-softokn-devel-3.44.0-8.el7_7.s390.rpm nss-softokn-devel-3.44.0-8.el7_7.s390x.rpm nss-softokn-freebl-3.44.0-8.el7_7.s390.rpm nss-softokn-freebl-3.44.0-8.el7_7.s390x.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.s390.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.s390x.rpm nss-sysinit-3.44.0-7.el7_7.s390x.rpm nss-tools-3.44.0-7.el7_7.s390x.rpm nss-util-3.44.0-4.el7_7.s390.rpm nss-util-3.44.0-4.el7_7.s390x.rpm nss-util-debuginfo-3.44.0-4.el7_7.s390.rpm nss-util-debuginfo-3.44.0-4.el7_7.s390x.rpm nss-util-devel-3.44.0-4.el7_7.s390.rpm nss-util-devel-3.44.0-4.el7_7.s390x.rpm

x86_64: nss-3.44.0-7.el7_7.i686.rpm nss-3.44.0-7.el7_7.x86_64.rpm nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-devel-3.44.0-7.el7_7.i686.rpm nss-devel-3.44.0-7.el7_7.x86_64.rpm nss-softokn-3.44.0-8.el7_7.i686.rpm nss-softokn-3.44.0-8.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm nss-sysinit-3.44.0-7.el7_7.x86_64.rpm nss-tools-3.44.0-7.el7_7.x86_64.rpm nss-util-3.44.0-4.el7_7.i686.rpm nss-util-3.44.0-4.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm nss-util-devel-3.44.0-4.el7_7.i686.rpm nss-util-devel-3.44.0-4.el7_7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64: nss-debuginfo-3.44.0-7.el7_7.ppc.rpm nss-debuginfo-3.44.0-7.el7_7.ppc64.rpm nss-pkcs11-devel-3.44.0-7.el7_7.ppc.rpm nss-pkcs11-devel-3.44.0-7.el7_7.ppc64.rpm

ppc64le: nss-debuginfo-3.44.0-7.el7_7.ppc64le.rpm nss-pkcs11-devel-3.44.0-7.el7_7.ppc64le.rpm

s390x: nss-debuginfo-3.44.0-7.el7_7.s390.rpm nss-debuginfo-3.44.0-7.el7_7.s390x.rpm nss-pkcs11-devel-3.44.0-7.el7_7.s390.rpm nss-pkcs11-devel-3.44.0-7.el7_7.s390x.rpm

x86_64: nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source: nss-3.44.0-7.el7_7.src.rpm nss-softokn-3.44.0-8.el7_7.src.rpm nss-util-3.44.0-4.el7_7.src.rpm

x86_64: nss-3.44.0-7.el7_7.i686.rpm nss-3.44.0-7.el7_7.x86_64.rpm nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-devel-3.44.0-7.el7_7.i686.rpm nss-devel-3.44.0-7.el7_7.x86_64.rpm nss-softokn-3.44.0-8.el7_7.i686.rpm nss-softokn-3.44.0-8.el7_7.x86_64.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm nss-softokn-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm nss-sysinit-3.44.0-7.el7_7.x86_64.rpm nss-tools-3.44.0-7.el7_7.x86_64.rpm nss-util-3.44.0-4.el7_7.i686.rpm nss-util-3.44.0-4.el7_7.x86_64.rpm nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm nss-util-devel-3.44.0-4.el7_7.i686.rpm nss-util-devel-3.44.0-4.el7_7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64: nss-debuginfo-3.44.0-7.el7_7.i686.rpm nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2019-11729 https://access.redhat.com/security/cve/CVE-2019-11745 https://access.redhat.com/security/updates/classification/#important

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXe/GMNzjgjWX9erEAQjtKBAAk1TZvBRRA8ZC4B0U49uerK/eMM24Q4xR PQWxuobDF/YzpJVZqDolO6CfRTBSnDHEuc/OkK0fC8Yskk0T9cp0DWAkHnUal0wB Zmd61xW4IGSHtEH+g7K8Rv0q8Mto5AeC1hggOwT+0INvRAAa/Qm0c7m0+OSyLIZi lgk9DLa+srY/6Z2wETS4b7DQiUA2nXegb7CbbnM0Mo2aooPeljsq6pkvyZy2Na0/ MMl/Xo8BWqU0lGrIBgVmrNRLMVkDJfVm7wSvBLaYk9EP758DfRLikm+GpGCowFUf +60rIxp1iG4Hto7BqusUwmJmdw6fDGeoJSX/qQu3ZHFbpEsd9HCzzGKg9QFmF/yY N4RWrM4KRMwqHG4qTpDYypKDn5QCGzh1dZuYQJ2gYLmHCBnTzrV0bDJtrzbUWwTx eFX1YLv4Vw6oYwT1cAx3Ho2B3kpufVezAzfUhtw8uj20Ix1B0NHDcCszNAFWrE8T QZ4BVVAzjl6xJoZSnjIQ+aBe3zVBW5P6yBhnqWUxS0VuGS3gbS6uPBMusr81sGK6 TjvPP+l8Ss6DQJic42+xruw8g8XqDqnUv3V12iTcOhqPtM7vmzExdMX5wXJ48lo9 Yl6UYkr6P4pM/vNQjgqD7UGud2ILthlwKzqdg9l4DZiA4pctAvAQtgEaL6783OK6 7R6thlrPkII=KHlQ -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 6) - i386, x86_64

  1. 8) - aarch64, ppc64le, s390x, x86_64

  2. 8.0) - ppc64le, x86_64

For the stable distribution (buster), these problems have been fixed in version 2:3.42.1-1+deb10u2.

We recommend that you upgrade your nss packages.

For the detailed security status of nss please refer to its security tracker page at: https://security-tracker.debian.org/tracker/nss

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl3qzaYACgkQEMKTtsN8 TjZ7yg//SABSzXoip0pAHIT9lNxDFNL44E27iqRWeurCyfxnQNvNaeShakiTj1Yj sSb2pqo0+gGLsUgtQdKKc8yeOERvuihWRoVDroW7onYG93vpsZ1H8Z7HSEJOGMQl Bt/HcjayCfXrA313/B5SBTiKE/Ks4CvYQvk+BrFwjFEUoYhXzxXwfUIxym1L8+gq jG3Qsh38iOFhrXfXBe2PGaUGU6AVcS/BGTam31s1g54mta4a+obIbvvQu3MGHJLH UTTcVPy7PhK5dofufbJXo1QGqfgdLxsvZAqhcyU1cXBZa7k18Ykts9jKukwoDZV0 hR2jISnOddovQWdPWLqz/ENOTIkY8Ue5/cPIaQ+I9tAL2JOBHBmddP+WeqBxpO8o DpP+4EILROZQ5g+WjLT1Twsje3NJQYx6z7YmXo/0N0ELM+81Sono1wKTgegVBa0F 8eET2FDW45sKFOGV1QTTI5F1mSmgSHiTdtVl/riuzdWrdig8316dByz994dZD+Co TgMiALJWwiVDY6XHHrPwzmvqNoqlcUvNgh4v7tRkTL/YjlHxD+x8R08sRaVo5gqz Z4CyLaP1ByO0X/i4dkuVtD5kIX9GlqLRYkUSnOBhwaoPr7ZgZBCnJfyQixsME1L5 yOg6+j//ncYos+KWeb1upZdUHHB340UmTxbEtECa7jfanMcrtpw= =QZmZ -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202001-1433",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "firefox esr",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "mozilla",
        "version": "68.3"
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "thunderbird",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mozilla",
        "version": "68.3.0"
      },
      {
        "model": "enterprise linux server aus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "6.6"
      },
      {
        "model": "firefox",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "mozilla",
        "version": "71.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "19.10"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "18.04"
      },
      {
        "model": "leap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "opensuse",
        "version": "15.1"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "model": "ubuntu linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canonical",
        "version": "16.04"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.14.0"
      },
      {
        "model": "firefox",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "mozilla",
        "version": "71"
      },
      {
        "model": "thunderbird",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "mozilla",
        "version": "68.3"
      },
      {
        "model": "leap",
        "scope": null,
        "trust": 0.8,
        "vendor": "opensuse",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013984"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11745"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:mozilla:firefox",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:mozilla:firefox_esr",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:mozilla:thunderbird",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:opensuse_project:leap",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013984"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "155622"
      },
      {
        "db": "PACKETSTORM",
        "id": "155609"
      },
      {
        "db": "PACKETSTORM",
        "id": "155589"
      },
      {
        "db": "PACKETSTORM",
        "id": "156093"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2019-11745",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-11745",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2019-11745",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-11745",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-11745",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-11745",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-11745",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-11745"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013984"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11745"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird \u003c 68.3, Firefox ESR \u003c 68.3, and Firefox \u003c 71. Firefox and Thunderbird Contains an out-of-bounds write vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. =========================================================================\nUbuntu Security Notice USN-4203-2\nNovember 27, 2019\n\nnss vulnerability\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nNSS could be made to crash or run programs if it received specially crafted\ninput. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. \n\nOriginal advisory details:\n\n It was discovered that NSS incorrectly handled certain memory operations. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202003-37\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: Mozilla Network Security Service: Multiple vulnerabilities\n     Date: March 16, 2020\n     Bugs: #627534, #676868, #701840\n       ID: 202003-37\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Mozilla Network Security\nService (NSS), the worst of which may lead to arbitrary code execution. Please review the CVE identifiers referenced\nbelow for details. \n\nImpact\n======\n\nAn attacker could execute arbitrary code, cause a Denial of Service\ncondition or have other unspecified impact. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Mozilla Network Security Service (NSS) users should upgrade to the\nlatest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-libs/nss-3.49\"\n\nReferences\n==========\n\n[ 1 ] CVE-2017-11695\n      https://nvd.nist.gov/vuln/detail/CVE-2017-11695\n[ 2 ] CVE-2017-11696\n      https://nvd.nist.gov/vuln/detail/CVE-2017-11696\n[ 3 ] CVE-2017-11697\n      https://nvd.nist.gov/vuln/detail/CVE-2017-11697\n[ 4 ] CVE-2017-11698\n      https://nvd.nist.gov/vuln/detail/CVE-2017-11698\n[ 5 ] CVE-2018-18508\n      https://nvd.nist.gov/vuln/detail/CVE-2018-18508\n[ 6 ] CVE-2019-11745\n      https://nvd.nist.gov/vuln/detail/CVE-2019-11745\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202003-37\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: nss, nss-softokn, nss-util security update\nAdvisory ID:       RHSA-2019:4190-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:4190\nIssue date:        2019-12-10\nCVE Names:         CVE-2019-11729 CVE-2019-11745\n====================================================================\n1. Summary:\n\nAn update for nss, nss-softokn, and nss-util is now available for Red Hat\nEnterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. \n\nThe nss-softokn package provides the Network Security Services Softoken\nCryptographic Module. \n\nThe nss-util packages provide utilities for use with the Network Security\nServices (NSS) libraries. \n\nSecurity Fix(es):\n\n* nss: Out-of-bounds write when passing an output buffer smaller than the\nblock size to NSC_EncryptUpdate (CVE-2019-11745)\n\n* nss: Empty or malformed p256-ECDH public keys may trigger a segmentation\nfault (CVE-2019-11729)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, applications using NSS (for example, Firefox)\nmust be restarted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1728437 - CVE-2019-11729 nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault\n1774831 - CVE-2019-11745 nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nnss-3.44.0-7.el7_7.src.rpm\nnss-softokn-3.44.0-8.el7_7.src.rpm\nnss-util-3.44.0-4.el7_7.src.rpm\n\nx86_64:\nnss-3.44.0-7.el7_7.i686.rpm\nnss-3.44.0-7.el7_7.x86_64.rpm\nnss-debuginfo-3.44.0-7.el7_7.i686.rpm\nnss-debuginfo-3.44.0-7.el7_7.x86_64.rpm\nnss-softokn-3.44.0-8.el7_7.i686.rpm\nnss-softokn-3.44.0-8.el7_7.x86_64.rpm\nnss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm\nnss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm\nnss-softokn-freebl-3.44.0-8.el7_7.i686.rpm\nnss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm\nnss-sysinit-3.44.0-7.el7_7.x86_64.rpm\nnss-tools-3.44.0-7.el7_7.x86_64.rpm\nnss-util-3.44.0-4.el7_7.i686.rpm\nnss-util-3.44.0-4.el7_7.x86_64.rpm\nnss-util-debuginfo-3.44.0-4.el7_7.i686.rpm\nnss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nnss-debuginfo-3.44.0-7.el7_7.i686.rpm\nnss-debuginfo-3.44.0-7.el7_7.x86_64.rpm\nnss-devel-3.44.0-7.el7_7.i686.rpm\nnss-devel-3.44.0-7.el7_7.x86_64.rpm\nnss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm\nnss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm\nnss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm\nnss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm\nnss-softokn-devel-3.44.0-8.el7_7.i686.rpm\nnss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm\nnss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm\nnss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm\nnss-util-debuginfo-3.44.0-4.el7_7.i686.rpm\nnss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm\nnss-util-devel-3.44.0-4.el7_7.i686.rpm\nnss-util-devel-3.44.0-4.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nnss-3.44.0-7.el7_7.src.rpm\nnss-softokn-3.44.0-8.el7_7.src.rpm\nnss-util-3.44.0-4.el7_7.src.rpm\n\nx86_64:\nnss-3.44.0-7.el7_7.i686.rpm\nnss-3.44.0-7.el7_7.x86_64.rpm\nnss-debuginfo-3.44.0-7.el7_7.i686.rpm\nnss-debuginfo-3.44.0-7.el7_7.x86_64.rpm\nnss-softokn-3.44.0-8.el7_7.i686.rpm\nnss-softokn-3.44.0-8.el7_7.x86_64.rpm\nnss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm\nnss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm\nnss-softokn-freebl-3.44.0-8.el7_7.i686.rpm\nnss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm\nnss-sysinit-3.44.0-7.el7_7.x86_64.rpm\nnss-tools-3.44.0-7.el7_7.x86_64.rpm\nnss-util-3.44.0-4.el7_7.i686.rpm\nnss-util-3.44.0-4.el7_7.x86_64.rpm\nnss-util-debuginfo-3.44.0-4.el7_7.i686.rpm\nnss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nnss-debuginfo-3.44.0-7.el7_7.i686.rpm\nnss-debuginfo-3.44.0-7.el7_7.x86_64.rpm\nnss-devel-3.44.0-7.el7_7.i686.rpm\nnss-devel-3.44.0-7.el7_7.x86_64.rpm\nnss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm\nnss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm\nnss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm\nnss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm\nnss-softokn-devel-3.44.0-8.el7_7.i686.rpm\nnss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm\nnss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm\nnss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm\nnss-util-debuginfo-3.44.0-4.el7_7.i686.rpm\nnss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm\nnss-util-devel-3.44.0-4.el7_7.i686.rpm\nnss-util-devel-3.44.0-4.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nnss-3.44.0-7.el7_7.src.rpm\nnss-softokn-3.44.0-8.el7_7.src.rpm\nnss-util-3.44.0-4.el7_7.src.rpm\n\nppc64:\nnss-3.44.0-7.el7_7.ppc.rpm\nnss-3.44.0-7.el7_7.ppc64.rpm\nnss-debuginfo-3.44.0-7.el7_7.ppc.rpm\nnss-debuginfo-3.44.0-7.el7_7.ppc64.rpm\nnss-devel-3.44.0-7.el7_7.ppc.rpm\nnss-devel-3.44.0-7.el7_7.ppc64.rpm\nnss-softokn-3.44.0-8.el7_7.ppc.rpm\nnss-softokn-3.44.0-8.el7_7.ppc64.rpm\nnss-softokn-debuginfo-3.44.0-8.el7_7.ppc.rpm\nnss-softokn-debuginfo-3.44.0-8.el7_7.ppc64.rpm\nnss-softokn-devel-3.44.0-8.el7_7.ppc.rpm\nnss-softokn-devel-3.44.0-8.el7_7.ppc64.rpm\nnss-softokn-freebl-3.44.0-8.el7_7.ppc.rpm\nnss-softokn-freebl-3.44.0-8.el7_7.ppc64.rpm\nnss-softokn-freebl-devel-3.44.0-8.el7_7.ppc.rpm\nnss-softokn-freebl-devel-3.44.0-8.el7_7.ppc64.rpm\nnss-sysinit-3.44.0-7.el7_7.ppc64.rpm\nnss-tools-3.44.0-7.el7_7.ppc64.rpm\nnss-util-3.44.0-4.el7_7.ppc.rpm\nnss-util-3.44.0-4.el7_7.ppc64.rpm\nnss-util-debuginfo-3.44.0-4.el7_7.ppc.rpm\nnss-util-debuginfo-3.44.0-4.el7_7.ppc64.rpm\nnss-util-devel-3.44.0-4.el7_7.ppc.rpm\nnss-util-devel-3.44.0-4.el7_7.ppc64.rpm\n\nppc64le:\nnss-3.44.0-7.el7_7.ppc64le.rpm\nnss-debuginfo-3.44.0-7.el7_7.ppc64le.rpm\nnss-devel-3.44.0-7.el7_7.ppc64le.rpm\nnss-softokn-3.44.0-8.el7_7.ppc64le.rpm\nnss-softokn-debuginfo-3.44.0-8.el7_7.ppc64le.rpm\nnss-softokn-devel-3.44.0-8.el7_7.ppc64le.rpm\nnss-softokn-freebl-3.44.0-8.el7_7.ppc64le.rpm\nnss-softokn-freebl-devel-3.44.0-8.el7_7.ppc64le.rpm\nnss-sysinit-3.44.0-7.el7_7.ppc64le.rpm\nnss-tools-3.44.0-7.el7_7.ppc64le.rpm\nnss-util-3.44.0-4.el7_7.ppc64le.rpm\nnss-util-debuginfo-3.44.0-4.el7_7.ppc64le.rpm\nnss-util-devel-3.44.0-4.el7_7.ppc64le.rpm\n\ns390x:\nnss-3.44.0-7.el7_7.s390.rpm\nnss-3.44.0-7.el7_7.s390x.rpm\nnss-debuginfo-3.44.0-7.el7_7.s390.rpm\nnss-debuginfo-3.44.0-7.el7_7.s390x.rpm\nnss-devel-3.44.0-7.el7_7.s390.rpm\nnss-devel-3.44.0-7.el7_7.s390x.rpm\nnss-softokn-3.44.0-8.el7_7.s390.rpm\nnss-softokn-3.44.0-8.el7_7.s390x.rpm\nnss-softokn-debuginfo-3.44.0-8.el7_7.s390.rpm\nnss-softokn-debuginfo-3.44.0-8.el7_7.s390x.rpm\nnss-softokn-devel-3.44.0-8.el7_7.s390.rpm\nnss-softokn-devel-3.44.0-8.el7_7.s390x.rpm\nnss-softokn-freebl-3.44.0-8.el7_7.s390.rpm\nnss-softokn-freebl-3.44.0-8.el7_7.s390x.rpm\nnss-softokn-freebl-devel-3.44.0-8.el7_7.s390.rpm\nnss-softokn-freebl-devel-3.44.0-8.el7_7.s390x.rpm\nnss-sysinit-3.44.0-7.el7_7.s390x.rpm\nnss-tools-3.44.0-7.el7_7.s390x.rpm\nnss-util-3.44.0-4.el7_7.s390.rpm\nnss-util-3.44.0-4.el7_7.s390x.rpm\nnss-util-debuginfo-3.44.0-4.el7_7.s390.rpm\nnss-util-debuginfo-3.44.0-4.el7_7.s390x.rpm\nnss-util-devel-3.44.0-4.el7_7.s390.rpm\nnss-util-devel-3.44.0-4.el7_7.s390x.rpm\n\nx86_64:\nnss-3.44.0-7.el7_7.i686.rpm\nnss-3.44.0-7.el7_7.x86_64.rpm\nnss-debuginfo-3.44.0-7.el7_7.i686.rpm\nnss-debuginfo-3.44.0-7.el7_7.x86_64.rpm\nnss-devel-3.44.0-7.el7_7.i686.rpm\nnss-devel-3.44.0-7.el7_7.x86_64.rpm\nnss-softokn-3.44.0-8.el7_7.i686.rpm\nnss-softokn-3.44.0-8.el7_7.x86_64.rpm\nnss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm\nnss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm\nnss-softokn-devel-3.44.0-8.el7_7.i686.rpm\nnss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm\nnss-softokn-freebl-3.44.0-8.el7_7.i686.rpm\nnss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm\nnss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm\nnss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm\nnss-sysinit-3.44.0-7.el7_7.x86_64.rpm\nnss-tools-3.44.0-7.el7_7.x86_64.rpm\nnss-util-3.44.0-4.el7_7.i686.rpm\nnss-util-3.44.0-4.el7_7.x86_64.rpm\nnss-util-debuginfo-3.44.0-4.el7_7.i686.rpm\nnss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm\nnss-util-devel-3.44.0-4.el7_7.i686.rpm\nnss-util-devel-3.44.0-4.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nnss-debuginfo-3.44.0-7.el7_7.ppc.rpm\nnss-debuginfo-3.44.0-7.el7_7.ppc64.rpm\nnss-pkcs11-devel-3.44.0-7.el7_7.ppc.rpm\nnss-pkcs11-devel-3.44.0-7.el7_7.ppc64.rpm\n\nppc64le:\nnss-debuginfo-3.44.0-7.el7_7.ppc64le.rpm\nnss-pkcs11-devel-3.44.0-7.el7_7.ppc64le.rpm\n\ns390x:\nnss-debuginfo-3.44.0-7.el7_7.s390.rpm\nnss-debuginfo-3.44.0-7.el7_7.s390x.rpm\nnss-pkcs11-devel-3.44.0-7.el7_7.s390.rpm\nnss-pkcs11-devel-3.44.0-7.el7_7.s390x.rpm\n\nx86_64:\nnss-debuginfo-3.44.0-7.el7_7.i686.rpm\nnss-debuginfo-3.44.0-7.el7_7.x86_64.rpm\nnss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm\nnss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nnss-3.44.0-7.el7_7.src.rpm\nnss-softokn-3.44.0-8.el7_7.src.rpm\nnss-util-3.44.0-4.el7_7.src.rpm\n\nx86_64:\nnss-3.44.0-7.el7_7.i686.rpm\nnss-3.44.0-7.el7_7.x86_64.rpm\nnss-debuginfo-3.44.0-7.el7_7.i686.rpm\nnss-debuginfo-3.44.0-7.el7_7.x86_64.rpm\nnss-devel-3.44.0-7.el7_7.i686.rpm\nnss-devel-3.44.0-7.el7_7.x86_64.rpm\nnss-softokn-3.44.0-8.el7_7.i686.rpm\nnss-softokn-3.44.0-8.el7_7.x86_64.rpm\nnss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm\nnss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm\nnss-softokn-devel-3.44.0-8.el7_7.i686.rpm\nnss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm\nnss-softokn-freebl-3.44.0-8.el7_7.i686.rpm\nnss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm\nnss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm\nnss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm\nnss-sysinit-3.44.0-7.el7_7.x86_64.rpm\nnss-tools-3.44.0-7.el7_7.x86_64.rpm\nnss-util-3.44.0-4.el7_7.i686.rpm\nnss-util-3.44.0-4.el7_7.x86_64.rpm\nnss-util-debuginfo-3.44.0-4.el7_7.i686.rpm\nnss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm\nnss-util-devel-3.44.0-4.el7_7.i686.rpm\nnss-util-devel-3.44.0-4.el7_7.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nnss-debuginfo-3.44.0-7.el7_7.i686.rpm\nnss-debuginfo-3.44.0-7.el7_7.x86_64.rpm\nnss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm\nnss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-11729\nhttps://access.redhat.com/security/cve/CVE-2019-11745\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXe/GMNzjgjWX9erEAQjtKBAAk1TZvBRRA8ZC4B0U49uerK/eMM24Q4xR\nPQWxuobDF/YzpJVZqDolO6CfRTBSnDHEuc/OkK0fC8Yskk0T9cp0DWAkHnUal0wB\nZmd61xW4IGSHtEH+g7K8Rv0q8Mto5AeC1hggOwT+0INvRAAa/Qm0c7m0+OSyLIZi\nlgk9DLa+srY/6Z2wETS4b7DQiUA2nXegb7CbbnM0Mo2aooPeljsq6pkvyZy2Na0/\nMMl/Xo8BWqU0lGrIBgVmrNRLMVkDJfVm7wSvBLaYk9EP758DfRLikm+GpGCowFUf\n+60rIxp1iG4Hto7BqusUwmJmdw6fDGeoJSX/qQu3ZHFbpEsd9HCzzGKg9QFmF/yY\nN4RWrM4KRMwqHG4qTpDYypKDn5QCGzh1dZuYQJ2gYLmHCBnTzrV0bDJtrzbUWwTx\neFX1YLv4Vw6oYwT1cAx3Ho2B3kpufVezAzfUhtw8uj20Ix1B0NHDcCszNAFWrE8T\nQZ4BVVAzjl6xJoZSnjIQ+aBe3zVBW5P6yBhnqWUxS0VuGS3gbS6uPBMusr81sGK6\nTjvPP+l8Ss6DQJic42+xruw8g8XqDqnUv3V12iTcOhqPtM7vmzExdMX5wXJ48lo9\nYl6UYkr6P4pM/vNQjgqD7UGud2ILthlwKzqdg9l4DZiA4pctAvAQtgEaL6783OK6\n7R6thlrPkII=KHlQ\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 6) - i386, x86_64\n\n3. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. 8.0) - ppc64le, x86_64\n\n3. \n    \nFor the stable distribution (buster), these problems have been fixed in\nversion 2:3.42.1-1+deb10u2. \n\nWe recommend that you upgrade your nss packages. \n\nFor the detailed security status of nss please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/nss\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl3qzaYACgkQEMKTtsN8\nTjZ7yg//SABSzXoip0pAHIT9lNxDFNL44E27iqRWeurCyfxnQNvNaeShakiTj1Yj\nsSb2pqo0+gGLsUgtQdKKc8yeOERvuihWRoVDroW7onYG93vpsZ1H8Z7HSEJOGMQl\nBt/HcjayCfXrA313/B5SBTiKE/Ks4CvYQvk+BrFwjFEUoYhXzxXwfUIxym1L8+gq\njG3Qsh38iOFhrXfXBe2PGaUGU6AVcS/BGTam31s1g54mta4a+obIbvvQu3MGHJLH\nUTTcVPy7PhK5dofufbJXo1QGqfgdLxsvZAqhcyU1cXBZa7k18Ykts9jKukwoDZV0\nhR2jISnOddovQWdPWLqz/ENOTIkY8Ue5/cPIaQ+I9tAL2JOBHBmddP+WeqBxpO8o\nDpP+4EILROZQ5g+WjLT1Twsje3NJQYx6z7YmXo/0N0ELM+81Sono1wKTgegVBa0F\n8eET2FDW45sKFOGV1QTTI5F1mSmgSHiTdtVl/riuzdWrdig8316dByz994dZD+Co\nTgMiALJWwiVDY6XHHrPwzmvqNoqlcUvNgh4v7tRkTL/YjlHxD+x8R08sRaVo5gqz\nZ4CyLaP1ByO0X/i4dkuVtD5kIX9GlqLRYkUSnOBhwaoPr7ZgZBCnJfyQixsME1L5\nyOg6+j//ncYos+KWeb1upZdUHHB340UmTxbEtECa7jfanMcrtpw=\n=QZmZ\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-11745"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013984"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-11745"
      },
      {
        "db": "PACKETSTORM",
        "id": "155487"
      },
      {
        "db": "PACKETSTORM",
        "id": "156770"
      },
      {
        "db": "PACKETSTORM",
        "id": "155486"
      },
      {
        "db": "PACKETSTORM",
        "id": "155622"
      },
      {
        "db": "PACKETSTORM",
        "id": "155609"
      },
      {
        "db": "PACKETSTORM",
        "id": "155589"
      },
      {
        "db": "PACKETSTORM",
        "id": "156093"
      },
      {
        "db": "PACKETSTORM",
        "id": "155601"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-11745",
        "trust": 2.7
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-040-04",
        "trust": 1.1
      },
      {
        "db": "SIEMENS",
        "id": "SSA-379803",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013984",
        "trust": 0.8
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-11745",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155487",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "156770",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155486",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155622",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155609",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155589",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "156093",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "155601",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-11745"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013984"
      },
      {
        "db": "PACKETSTORM",
        "id": "155487"
      },
      {
        "db": "PACKETSTORM",
        "id": "156770"
      },
      {
        "db": "PACKETSTORM",
        "id": "155486"
      },
      {
        "db": "PACKETSTORM",
        "id": "155622"
      },
      {
        "db": "PACKETSTORM",
        "id": "155609"
      },
      {
        "db": "PACKETSTORM",
        "id": "155589"
      },
      {
        "db": "PACKETSTORM",
        "id": "156093"
      },
      {
        "db": "PACKETSTORM",
        "id": "155601"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11745"
      }
    ]
  },
  "id": "VAR-202001-1433",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.52540106
  },
  "last_update_date": "2024-11-29T22:35:51.750000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MFSA2019-36",
        "trust": 0.8,
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/"
      },
      {
        "title": "MFSA2019-37",
        "trust": 0.8,
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/"
      },
      {
        "title": "MFSA2019-38",
        "trust": 0.8,
        "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/"
      },
      {
        "title": "openSUSE-SU-2020:0008-1",
        "trust": 0.8,
        "url": "https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html"
      },
      {
        "title": "openSUSE-SU-2020:0003-1",
        "trust": 0.8,
        "url": "https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html"
      },
      {
        "title": "openSUSE-SU-2020:0002-1",
        "trust": 0.8,
        "url": "https://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html"
      },
      {
        "title": "Red Hat: Important: nss security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200243 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: nss-softokn security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201461 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: nss security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194114 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: nss-softokn security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20200466 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: nss-softokn security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194152 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: nss, nss-softokn, nss-util security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20194190 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: nss-softokn security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201345 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: nss-softokn security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20201267 - Security Advisory"
      },
      {
        "title": "Ubuntu Security Notice: nss vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4203-2"
      },
      {
        "title": "Ubuntu Security Notice: nss vulnerability",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4203-1"
      },
      {
        "title": "Debian Security Advisories: DSA-4579-1 nss -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0af759a984821af0886871e7a26a298e"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2019-11745 log"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2020-1379",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1379"
      },
      {
        "title": "IBM: Security Bulletin: Vulnerability in nss, nss-softokn, nss-util vulnerability (CVE-2019-11729 and CVE-2019-11745)",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=74fd642ff4a4659039a762a5a0a24106"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2023-1942",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2023-1942"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2020-1384",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2020-1384"
      },
      {
        "title": "Amazon Linux AMI: ALAS-2020-1355",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2020-1355"
      },
      {
        "title": "Ubuntu Security Notice: firefox vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4216-1"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201912-2] thunderbird: arbitrary code execution",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201912-2"
      },
      {
        "title": "Ubuntu Security Notice: firefox vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4216-2"
      },
      {
        "title": "Ubuntu Security Notice: thunderbird vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4241-1"
      },
      {
        "title": "Mozilla: Security Vulnerabilities fixed in - Firefox ESR 68.3",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=940e53f5eecee1395e2713b0ed07506b"
      },
      {
        "title": "Mozilla: Security Vulnerabilities fixed in - Thunderbird 68.3",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=dffa374fab03b4f5b5596346629ccc8c"
      },
      {
        "title": "Arch Linux Advisories: [ASA-201912-1] firefox: multiple issues",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201912-1"
      },
      {
        "title": "Siemens Security Advisories: Siemens Security Advisory",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=409c1cd1b8ef401020956950fd839000"
      },
      {
        "title": "Mozilla: Security Vulnerabilities fixed in - Firefox 71",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories\u0026qid=a8e439d387c58595bbdb24cc3bdadd40"
      },
      {
        "title": "Ubuntu Security Notice: thunderbird vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-4335-1"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-11745"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013984"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013984"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11745"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11745"
      },
      {
        "trust": 1.3,
        "url": "https://access.redhat.com/errata/rhsa-2020:0243"
      },
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/202003-37"
      },
      {
        "trust": 1.1,
        "url": "https://www.mozilla.org/security/advisories/mfsa2019-38/"
      },
      {
        "trust": 1.1,
        "url": "https://www.mozilla.org/security/advisories/mfsa2019-37/"
      },
      {
        "trust": 1.1,
        "url": "https://www.mozilla.org/security/advisories/mfsa2019-36/"
      },
      {
        "trust": 1.1,
        "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1586176"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/4241-1/"
      },
      {
        "trust": 1.1,
        "url": "https://access.redhat.com/errata/rhsa-2020:0466"
      },
      {
        "trust": 1.1,
        "url": "https://security.gentoo.org/glsa/202003-02"
      },
      {
        "trust": 1.1,
        "url": "https://security.gentoo.org/glsa/202003-10"
      },
      {
        "trust": 1.1,
        "url": "https://usn.ubuntu.com/4335-1/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html"
      },
      {
        "trust": 1.1,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf"
      },
      {
        "trust": 1.1,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11745"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/cve/cve-2019-11745"
      },
      {
        "trust": 0.4,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.2,
        "url": "https://usn.ubuntu.com/4203-1"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/787.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4203-2/"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4203-1/"
      },
      {
        "trust": 0.1,
        "url": "https://usn.ubuntu.com/4203-2"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11696"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11695"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18508"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11697"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-11698"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nss/2:3.35-2ubuntu2.5"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nss/2:3.42-1ubuntu2.3"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nss/2:3.45-1ubuntu2.1"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/nss/2:3.28.4-0ubuntu0.16.04.8"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11729"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11729"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:4190"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:4152"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2019:4114"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/nss"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17007"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-11745"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013984"
      },
      {
        "db": "PACKETSTORM",
        "id": "155487"
      },
      {
        "db": "PACKETSTORM",
        "id": "156770"
      },
      {
        "db": "PACKETSTORM",
        "id": "155486"
      },
      {
        "db": "PACKETSTORM",
        "id": "155622"
      },
      {
        "db": "PACKETSTORM",
        "id": "155609"
      },
      {
        "db": "PACKETSTORM",
        "id": "155589"
      },
      {
        "db": "PACKETSTORM",
        "id": "156093"
      },
      {
        "db": "PACKETSTORM",
        "id": "155601"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11745"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2019-11745"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013984"
      },
      {
        "db": "PACKETSTORM",
        "id": "155487"
      },
      {
        "db": "PACKETSTORM",
        "id": "156770"
      },
      {
        "db": "PACKETSTORM",
        "id": "155486"
      },
      {
        "db": "PACKETSTORM",
        "id": "155622"
      },
      {
        "db": "PACKETSTORM",
        "id": "155609"
      },
      {
        "db": "PACKETSTORM",
        "id": "155589"
      },
      {
        "db": "PACKETSTORM",
        "id": "156093"
      },
      {
        "db": "PACKETSTORM",
        "id": "155601"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-11745"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-01-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-11745"
      },
      {
        "date": "2020-01-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-013984"
      },
      {
        "date": "2019-11-28T01:22:40",
        "db": "PACKETSTORM",
        "id": "155487"
      },
      {
        "date": "2020-03-16T22:35:27",
        "db": "PACKETSTORM",
        "id": "156770"
      },
      {
        "date": "2019-11-28T01:22:35",
        "db": "PACKETSTORM",
        "id": "155486"
      },
      {
        "date": "2019-12-10T23:01:23",
        "db": "PACKETSTORM",
        "id": "155622"
      },
      {
        "date": "2019-12-10T15:49:04",
        "db": "PACKETSTORM",
        "id": "155609"
      },
      {
        "date": "2019-12-09T15:52:48",
        "db": "PACKETSTORM",
        "id": "155589"
      },
      {
        "date": "2020-01-27T22:53:39",
        "db": "PACKETSTORM",
        "id": "156093"
      },
      {
        "date": "2019-12-09T22:22:22",
        "db": "PACKETSTORM",
        "id": "155601"
      },
      {
        "date": "2020-01-08T20:15:12.313000",
        "db": "NVD",
        "id": "CVE-2019-11745"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-11745"
      },
      {
        "date": "2020-01-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-013984"
      },
      {
        "date": "2024-11-21T04:21:42.373000",
        "db": "NVD",
        "id": "CVE-2019-11745"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "155487"
      },
      {
        "db": "PACKETSTORM",
        "id": "155486"
      }
    ],
    "trust": 0.2
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Firefox and  Thunderbird Vulnerable to out-of-bounds writing",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-013984"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "arbitrary",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "155487"
      },
      {
        "db": "PACKETSTORM",
        "id": "155486"
      },
      {
        "db": "PACKETSTORM",
        "id": "155601"
      }
    ],
    "trust": 0.3
  }
}

var-202307-0583
Vulnerability from variot

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The uninstall-app App-name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments.

Siemens RUGGEDCOM ROX has a command injection vulnerability. The vulnerability stems from the lack of server-side input validation

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202307-0583",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
        "version": null
      },
      {
        "model": "ruggedcom rox mx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox mx5000re",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1400",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1500",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1501",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1510",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1511",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1512",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1524",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx1536",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      },
      {
        "model": "ruggedcom rox rx5000",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v2.16.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60608"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021732"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36753"
      }
    ]
  },
  "cve": "CVE-2023-36753",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2023-60608",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "id": "CVE-2023-36753",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "productcert@siemens.com",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.3,
            "id": "CVE-2023-36753",
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.2,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2023-36753",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2023-36753",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "productcert@siemens.com",
            "id": "CVE-2023-36753",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2023-36753",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2023-60608",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202307-733",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60608"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021732"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-733"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36753"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36753"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The uninstall-app App-name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. RUGGEDCOM ROX MX5000 firmware, ruggedcom rox mx5000re firmware, RUGGEDCOM ROX RX1400 Multiple Siemens products such as firmware contain a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments. \n\r\n\r\nSiemens RUGGEDCOM ROX has a command injection vulnerability. The vulnerability stems from the lack of server-side input validation",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-36753"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021732"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-60608"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36753"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-36753",
        "trust": 3.9
      },
      {
        "db": "SIEMENS",
        "id": "SSA-146325",
        "trust": 3.1
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-23-194-01",
        "trust": 0.8
      },
      {
        "db": "JVN",
        "id": "JVNVU95292697",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021732",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2023-60608",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-733",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36753",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60608"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36753"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021732"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-733"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36753"
      }
    ]
  },
  "id": "VAR-202307-0583",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60608"
      }
    ],
    "trust": 1.17411168
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60608"
      }
    ]
  },
  "last_update_date": "2024-08-14T12:05:28.074000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Siemens RUGGEDCOM ROX Command Injection Vulnerability (CNVD-2023-60608)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/449041"
      },
      {
        "title": "Siemens RUGGEDCOM ROX A series of products Fixes for command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=246656"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60608"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-733"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-77",
        "trust": 1.0
      },
      {
        "problemtype": "Command injection (CWE-77) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021732"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36753"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://jvn.jp/vu/jvnvu95292697/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-36753"
      },
      {
        "trust": 0.8,
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-194-01"
      },
      {
        "trust": 0.6,
        "url": "https://cert-portal.siemens.com/productcert/html/ssa-146325.html"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2023-36753/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60608"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36753"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021732"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-733"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36753"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2023-60608"
      },
      {
        "db": "VULMON",
        "id": "CVE-2023-36753"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021732"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-733"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-36753"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-60608"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-36753"
      },
      {
        "date": "2024-01-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-021732"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-733"
      },
      {
        "date": "2023-07-11T10:15:11.360000",
        "db": "NVD",
        "id": "CVE-2023-36753"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-08-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2023-60608"
      },
      {
        "date": "2023-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2023-36753"
      },
      {
        "date": "2024-01-19T08:07:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-021732"
      },
      {
        "date": "2023-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202307-733"
      },
      {
        "date": "2023-07-18T18:39:45.780000",
        "db": "NVD",
        "id": "CVE-2023-36753"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-733"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Command injection vulnerability in multiple Siemens products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-021732"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "command injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202307-733"
      }
    ],
    "trust": 0.6
  }
}

cve-2023-36750
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-26 18:40
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The software-upgrade Url parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
Impacted products
Vendor Product Version
Siemens RUGGEDCOM ROX MX5000RE Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1400 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1500 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1501 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1510 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1511 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1512 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1524 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1536 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX5000 Version: All versions < V2.16.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:52:54.252Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_mx5000",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_mx5000re",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1400",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1500",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1501",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1510",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1511",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1512",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1524",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1536",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx5000",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36750",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-26T18:35:58.218652Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T18:40:24.816Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000RE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1400",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1500",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1501",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1510",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1511",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1512",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1524",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1536",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The software-upgrade Url parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-11T09:07:16.822Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2023-36750",
    "datePublished": "2023-07-11T09:07:16.822Z",
    "dateReserved": "2023-06-27T11:37:08.703Z",
    "dateUpdated": "2024-11-26T18:40:24.816Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-36386
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-10-21 21:10
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an “invalid params element name” error on the get_elements parameters.
Impacted products
Vendor Product Version
Siemens RUGGEDCOM ROX MX5000RE Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1400 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1500 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1501 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1510 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1511 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1512 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1524 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1536 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX5000 Version: All versions < V2.16.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:45:56.712Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36386",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T21:06:52.736344Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T21:10:35.826Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000RE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1400",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1500",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1501",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1510",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1511",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1512",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1524",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1536",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an\r\n\u201cinvalid params element name\u201d error on the get_elements parameters."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-11T09:07:10.369Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2023-36386",
    "datePublished": "2023-07-11T09:07:10.369Z",
    "dateReserved": "2023-06-21T13:10:13.218Z",
    "dateUpdated": "2024-10-21T21:10:35.826Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-28398
Vulnerability from cvelistv5
Published
2024-12-10 13:53
Modified
2024-12-10 15:28
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The CLI feature in the web interface of affected devices is vulnerable to cross-site request forgery (CSRF). This could allow an attacker to read or modify the device configuration by tricking an authenticated legitimate user into accessing a malicious link.
Impacted products
Vendor Product Version
Siemens RUGGEDCOM ROX MX5000RE Version: 0   < V2.16.0
Siemens RUGGEDCOM ROX RX1400 Version: 0   < V2.16.0
Siemens RUGGEDCOM ROX RX1500 Version: 0   < V2.16.0
Siemens RUGGEDCOM ROX RX1501 Version: 0   < V2.16.0
Siemens RUGGEDCOM ROX RX1510 Version: 0   < V2.16.0
Siemens RUGGEDCOM ROX RX1511 Version: 0   < V2.16.0
Siemens RUGGEDCOM ROX RX1512 Version: 0   < V2.16.0
Siemens RUGGEDCOM ROX RX1524 Version: 0   < V2.16.0
Siemens RUGGEDCOM ROX RX1536 Version: 0   < V2.16.0
Siemens RUGGEDCOM ROX RX5000 Version: 0   < V2.16.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_mx5000",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_mx5000re",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1400",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1500",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1501",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1510",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1511",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1512",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1524",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1536",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx5000",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-28398",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-10T15:22:35.373344Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-10T15:28:51.944Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.16.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000RE",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.16.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1400",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.16.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1500",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.16.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1501",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.16.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1510",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.16.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1511",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.16.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1512",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.16.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1524",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.16.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1536",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.16.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2.16.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The CLI feature in the web interface of affected devices is vulnerable to \r\ncross-site request forgery (CSRF).\r\n\r\nThis could allow an attacker to read or modify the device configuration\r\nby tricking an authenticated legitimate user into accessing a malicious link."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352: Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-10T13:53:19.090Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-384652.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2020-28398",
    "datePublished": "2024-12-10T13:53:19.090Z",
    "dateReserved": "2020-11-10T00:00:00.000Z",
    "dateUpdated": "2024-12-10T15:28:51.944Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-36753
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-12-02 18:56
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The uninstall-app App-name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
Impacted products
Vendor Product Version
Siemens RUGGEDCOM ROX MX5000RE Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1400 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1500 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1501 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1510 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1511 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1512 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1524 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1536 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX5000 Version: All versions < V2.16.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:52:54.239Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_mx5000",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_mx5000re",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1400",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1500",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1501",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1510",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1511",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1512",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1524",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1536",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx5000",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36753",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-02T18:50:15.983427Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-02T18:56:24.844Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000RE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1400",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1500",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1501",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1510",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1511",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1512",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1524",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1536",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The uninstall-app App-name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-11T09:07:20.117Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2023-36753",
    "datePublished": "2023-07-11T09:07:20.117Z",
    "dateReserved": "2023-06-27T11:37:08.703Z",
    "dateUpdated": "2024-12-02T18:56:24.844Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-36752
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-20 20:30
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The upgrade-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
Impacted products
Vendor Product Version
Siemens RUGGEDCOM ROX MX5000RE Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1400 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1500 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1501 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1510 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1511 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1512 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1524 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1536 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX5000 Version: All versions < V2.16.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:52:54.242Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1512",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1524",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1536",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx5000",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_mx5000",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_mx5000re",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1400",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1500",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1501",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1510",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1511",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36752",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-20T20:25:17.463714Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-20T20:30:40.852Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000RE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1400",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1500",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1501",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1510",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1511",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1512",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1524",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1536",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The upgrade-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-11T09:07:19.000Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2023-36752",
    "datePublished": "2023-07-11T09:07:19.000Z",
    "dateReserved": "2023-06-27T11:37:08.703Z",
    "dateUpdated": "2024-11-20T20:30:40.852Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-36755
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-19 16:30
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP CA Certificate Name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
Impacted products
Vendor Product Version
Siemens RUGGEDCOM ROX MX5000RE Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1400 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1500 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1501 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1510 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1511 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1512 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1524 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1536 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX5000 Version: All versions < V2.16.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:52:54.103Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "ruggedcom_rox_mx5000",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "ruggedcom_rox_mx5000re",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "ruggedcom_rox_rx1400",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "ruggedcom_rox_rx1500",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "ruggedcom_rox_rx1511",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "ruggedcom_rox_rx1512",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "ruggedcom_rox_rx1524",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "ruggedcom_rox_rx1536",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "ruggedcom_rox_rx5000",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36755",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T16:25:28.010364Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T16:30:23.659Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000RE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1400",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1500",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1501",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1510",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1511",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1512",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1524",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1536",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The SCEP CA Certificate Name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-11T09:07:22.285Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2023-36755",
    "datePublished": "2023-07-11T09:07:22.285Z",
    "dateReserved": "2023-06-27T11:37:08.704Z",
    "dateUpdated": "2024-11-19T16:30:23.659Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-36389
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-10-21 21:10
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The malformed value is reflected directly in the response without sanitization while throwing an “invalid path” error.
Impacted products
Vendor Product Version
Siemens RUGGEDCOM ROX MX5000RE Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1400 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1500 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1501 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1510 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1511 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1512 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1524 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1536 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX5000 Version: All versions < V2.16.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:45:56.382Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36389",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T21:06:51.541223Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T21:10:27.428Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000RE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1400",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1500",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1501",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1510",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1511",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1512",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1524",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1536",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link.  The malformed value is reflected\r\ndirectly in the response without sanitization while throwing an \u201cinvalid path\u201d error."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-11T09:07:11.475Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2023-36389",
    "datePublished": "2023-07-11T09:07:11.475Z",
    "dateReserved": "2023-06-21T14:31:54.523Z",
    "dateUpdated": "2024-10-21T21:10:27.428Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-29560
Vulnerability from cvelistv5
Published
2022-07-12 10:06
Modified
2024-08-03 06:26
Severity ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < 2.15.1), RUGGEDCOM ROX MX5000RE (All versions < 2.15.1), RUGGEDCOM ROX RX1400 (All versions < 2.15.1), RUGGEDCOM ROX RX1500 (All versions < 2.15.1), RUGGEDCOM ROX RX1501 (All versions < 2.15.1), RUGGEDCOM ROX RX1510 (All versions < 2.15.1), RUGGEDCOM ROX RX1511 (All versions < 2.15.1), RUGGEDCOM ROX RX1512 (All versions < 2.15.1), RUGGEDCOM ROX RX1524 (All versions < 2.15.1), RUGGEDCOM ROX RX1536 (All versions < 2.15.1), RUGGEDCOM ROX RX5000 (All versions < 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user.
Impacted products
Vendor Product Version
Siemens RUGGEDCOM ROX MX5000RE Version: All versions < 2.15.1
Siemens RUGGEDCOM ROX RX1400 Version: All versions < 2.15.1
Siemens RUGGEDCOM ROX RX1500 Version: All versions < 2.15.1
Siemens RUGGEDCOM ROX RX1501 Version: All versions < 2.15.1
Siemens RUGGEDCOM ROX RX1510 Version: All versions < 2.15.1
Siemens RUGGEDCOM ROX RX1511 Version: All versions < 2.15.1
Siemens RUGGEDCOM ROX RX1512 Version: All versions < 2.15.1
Siemens RUGGEDCOM ROX RX1524 Version: All versions < 2.15.1
Siemens RUGGEDCOM ROX RX1536 Version: All versions < 2.15.1
Siemens RUGGEDCOM ROX RX5000 Version: All versions < 2.15.1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:26:06.278Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RUGGEDCOM ROX MX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c 2.15.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX MX5000RE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c 2.15.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1400",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c 2.15.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1500",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c 2.15.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1501",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c 2.15.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1510",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c 2.15.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1511",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c 2.15.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1512",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c 2.15.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1524",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c 2.15.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1536",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c 2.15.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c 2.15.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c 2.15.1), RUGGEDCOM ROX MX5000RE (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1400 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1500 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1501 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1510 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1511 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1512 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1524 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1536 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX5000 (All versions \u003c 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-12T10:06:38",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2022-29560",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "RUGGEDCOM ROX MX5000",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c 2.15.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX MX5000RE",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c 2.15.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1400",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c 2.15.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1500",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c 2.15.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1501",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c 2.15.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1510",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c 2.15.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1511",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c 2.15.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1512",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c 2.15.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1524",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c 2.15.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1536",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c 2.15.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX5000",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c 2.15.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c 2.15.1), RUGGEDCOM ROX MX5000RE (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1400 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1500 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1501 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1510 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1511 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1512 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1524 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX1536 (All versions \u003c 2.15.1), RUGGEDCOM ROX RX5000 (All versions \u003c 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599506.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2022-29560",
    "datePublished": "2022-07-12T10:06:38",
    "dateReserved": "2022-04-21T00:00:00",
    "dateUpdated": "2024-08-03T06:26:06.278Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-37174
Vulnerability from cvelistv5
Published
2021-09-14 10:47
Modified
2024-08-04 01:16
Severity ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices have a privilege escalation vulnerability, if exploited, an attacker could gain root user access.
Impacted products
Vendor Product Version
Siemens RUGGEDCOM ROX RX1400 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1500 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1501 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1510 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1511 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1512 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1524 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1536 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX5000 Version: All versions < V2.14.1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:16:02.881Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RUGGEDCOM ROX MX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1400",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1500",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1501",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1510",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1511",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1512",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1524",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1536",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.14.1). The affected devices have a privilege escalation vulnerability, if exploited, an attacker could gain root user access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250: Execution with Unnecessary Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-14T10:47:42",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2021-37174",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "RUGGEDCOM ROX MX5000",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1400",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1500",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1501",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1510",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1511",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1512",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1524",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1536",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX5000",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.14.1). The affected devices have a privilege escalation vulnerability, if exploited, an attacker could gain root user access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-250: Execution with Unnecessary Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2021-37174",
    "datePublished": "2021-09-14T10:47:42",
    "dateReserved": "2021-07-21T00:00:00",
    "dateUpdated": "2024-08-04T01:16:02.881Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-37175
Vulnerability from cvelistv5
Published
2021-09-14 10:47
Modified
2024-08-04 01:16
Severity ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices.
Impacted products
Vendor Product Version
Siemens RUGGEDCOM ROX RX1400 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1500 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1501 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1510 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1511 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1512 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1524 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1536 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX5000 Version: All versions < V2.14.1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:16:02.802Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RUGGEDCOM ROX MX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1400",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1500",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1501",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1510",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1511",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1512",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1524",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1536",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.14.1). The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges ",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-14T10:47:43",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2021-37175",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "RUGGEDCOM ROX MX5000",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1400",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1500",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1501",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1510",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1511",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1512",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1524",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1536",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX5000",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.14.1). The affected devices do not properly handle permissions to traverse the file system. If exploited, an attacker could gain access to an overview of the complete file system on the affected devices."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-280: Improper Handling of Insufficient Permissions or Privileges "
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2021-37175",
    "datePublished": "2021-09-14T10:47:43",
    "dateReserved": "2021-07-21T00:00:00",
    "dateUpdated": "2024-08-04T01:16:02.802Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-36751
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-26 16:42
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The install-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
Impacted products
Vendor Product Version
Siemens RUGGEDCOM ROX MX5000RE Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1400 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1500 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1501 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1510 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1511 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1512 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1524 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1536 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX5000 Version: All versions < V2.16.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:52:54.455Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_mx5000",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_mx5000re",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1400",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1500",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1501",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1510",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1511",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1512",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1524",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1536",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx5000",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "v2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36751",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-26T16:36:23.343532Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-26T16:42:01.446Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000RE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1400",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1500",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1501",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1510",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1511",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1512",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1524",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1536",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The install-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-11T09:07:17.921Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2023-36751",
    "datePublished": "2023-07-11T09:07:17.921Z",
    "dateReserved": "2023-06-27T11:37:08.703Z",
    "dateUpdated": "2024-11-26T16:42:01.446Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-37173
Vulnerability from cvelistv5
Published
2021-09-14 10:47
Modified
2024-08-04 01:16
Severity ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). The command line interface of affected devices insufficiently restrict file read and write operations for low privileged users. This could allow an authenticated remote attacker to escalate privileges and gain root access to the device.
Impacted products
Vendor Product Version
Siemens RUGGEDCOM ROX RX1400 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1500 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1501 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1510 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1511 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1512 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1524 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1536 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX5000 Version: All versions < V2.14.1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:16:02.864Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RUGGEDCOM ROX MX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1400",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1500",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1501",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1510",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1511",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1512",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1524",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1536",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.14.1). The command line interface of affected devices insufficiently restrict file read and write operations for low privileged users. This could allow an authenticated remote attacker to escalate privileges and gain root access to the device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269: Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-12T09:49:36",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2021-37173",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "RUGGEDCOM ROX MX5000",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1400",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1500",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1501",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1510",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1511",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1512",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1524",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1536",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX5000",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.14.1). The command line interface of affected devices insufficiently restrict file read and write operations for low privileged users. This could allow an authenticated remote attacker to escalate privileges and gain root access to the device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-269: Improper Privilege Management"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2021-37173",
    "datePublished": "2021-09-14T10:47:41",
    "dateReserved": "2021-07-21T00:00:00",
    "dateUpdated": "2024-08-04T01:16:02.864Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-29561
Vulnerability from cvelistv5
Published
2023-07-11 09:06
Modified
2024-11-12 19:11
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.
Impacted products
Vendor Product Version
Siemens RUGGEDCOM ROX MX5000RE Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1400 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1500 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1501 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1510 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1511 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1512 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1524 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1536 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX5000 Version: All versions < V2.16.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:26:05.943Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_mx5000",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_mx5000re",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1400",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1500",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1501",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "V2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1510",
            "vendor": "siemens",
            "versions": [
              {
                "status": "affected",
                "version": "V2.16.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1511",
            "vendor": "siemens",
            "versions": [
              {
                "status": "affected",
                "version": "V2.16.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1512",
            "vendor": "siemens",
            "versions": [
              {
                "status": "affected",
                "version": "V2.16.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1524",
            "vendor": "siemens",
            "versions": [
              {
                "status": "affected",
                "version": "V2.16.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1536",
            "vendor": "siemens",
            "versions": [
              {
                "status": "affected",
                "version": "V2.16.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx5000",
            "vendor": "siemens",
            "versions": [
              {
                "status": "affected",
                "version": "V2.16.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-29561",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-12T19:06:12.746479Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T19:11:46.270Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000RE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1400",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1500",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1501",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1510",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1511",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1512",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1524",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1536",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352: Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-11T09:06:58.988Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2022-29561",
    "datePublished": "2023-07-11T09:06:58.988Z",
    "dateReserved": "2022-04-21T13:34:15.980Z",
    "dateUpdated": "2024-11-12T19:11:46.270Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-36754
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-12-10 17:04
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.
Impacted products
Vendor Product Version
Siemens RUGGEDCOM ROX MX5000RE Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1400 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1500 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1501 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1510 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1511 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1512 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1524 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1536 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX5000 Version: All versions < V2.16.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:52:54.240Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36754",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-10T17:04:20.520881Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-10T17:04:35.432Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000RE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1400",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1500",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1501",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1510",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1511",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1512",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1524",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1536",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-11T09:07:21.194Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2023-36754",
    "datePublished": "2023-07-11T09:07:21.194Z",
    "dateReserved": "2023-06-27T11:37:08.704Z",
    "dateUpdated": "2024-12-10T17:04:35.432Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-41546
Vulnerability from cvelistv5
Published
2021-10-12 09:49
Modified
2024-08-04 03:15
Severity ?
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.14.1), RUGGEDCOM ROX RX1400 (All versions < V2.14.1), RUGGEDCOM ROX RX1500 (All versions < V2.14.1), RUGGEDCOM ROX RX1501 (All versions < V2.14.1), RUGGEDCOM ROX RX1510 (All versions < V2.14.1), RUGGEDCOM ROX RX1511 (All versions < V2.14.1), RUGGEDCOM ROX RX1512 (All versions < V2.14.1), RUGGEDCOM ROX RX1524 (All versions < V2.14.1), RUGGEDCOM ROX RX1536 (All versions < V2.14.1), RUGGEDCOM ROX RX5000 (All versions < V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service.
Impacted products
Vendor Product Version
Siemens RUGGEDCOM ROX RX1400 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1500 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1501 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1510 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1511 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1512 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1524 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX1536 Version: All versions < V2.14.1
Siemens RUGGEDCOM ROX RX5000 Version: All versions < V2.14.1
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:15:28.882Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173565.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RUGGEDCOM ROX MX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1400",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1500",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1501",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1510",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1511",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1512",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1524",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX1536",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        },
        {
          "product": "RUGGEDCOM ROX RX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.14.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-12T09:49:39",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173565.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2021-41546",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "RUGGEDCOM ROX MX5000",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1400",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1500",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1501",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1510",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1511",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1512",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1524",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX1536",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "RUGGEDCOM ROX RX5000",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V2.14.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1400 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1500 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1501 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1510 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1511 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1512 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1524 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX1536 (All versions \u003c V2.14.1), RUGGEDCOM ROX RX5000 (All versions \u003c V2.14.1). Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400: Uncontrolled Resource Consumption"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-173565.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-173565.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2021-41546",
    "datePublished": "2021-10-12T09:49:39",
    "dateReserved": "2021-09-21T00:00:00",
    "dateUpdated": "2024-08-04T03:15:28.882Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-36748
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-27 14:16
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The affected devices are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over to and from the affected device.
Impacted products
Vendor Product Version
Siemens RUGGEDCOM ROX MX5000RE Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1400 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1500 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1501 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1510 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1511 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1512 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1524 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1536 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX5000 Version: All versions < V2.16.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:52:54.437Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36748",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T14:16:24.794778Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T14:16:46.630Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000RE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1400",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1500",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1501",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1510",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1511",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1512",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1524",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1536",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The affected devices are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data\r\npassed over to and from the affected device."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-326",
              "description": "CWE-326: Inadequate Encryption Strength",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-11T09:07:14.689Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2023-36748",
    "datePublished": "2023-07-11T09:07:14.689Z",
    "dateReserved": "2023-06-27T11:37:08.703Z",
    "dateUpdated": "2024-11-27T14:16:46.630Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-29562
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-12 16:17
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). Affected devices do not properly handle malformed HTTP packets. This could allow an unauthenticated remote attacker to send a malformed HTTP packet causing certain functions to fail in a controlled manner.
Impacted products
Vendor Product Version
Siemens RUGGEDCOM ROX MX5000RE Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1400 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1500 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1501 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1510 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1511 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1512 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1524 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1536 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX5000 Version: All versions < V2.16.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:26:06.059Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-29562",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-12T16:17:25.427826Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T16:17:46.868Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000RE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1400",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1500",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1501",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1510",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1511",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1512",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1524",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1536",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). Affected devices do not properly handle malformed HTTP packets. This could allow an unauthenticated remote attacker to send a malformed HTTP packet causing certain functions to fail in a controlled manner."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-11T09:07:00.397Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2022-29562",
    "datePublished": "2023-07-11T09:07:00.397Z",
    "dateReserved": "2022-04-21T13:34:15.980Z",
    "dateUpdated": "2024-11-12T16:17:46.868Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-36749
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-11-27 14:15
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The webserver of the affected devices support insecure TLS 1.0 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data.
Impacted products
Vendor Product Version
Siemens RUGGEDCOM ROX MX5000RE Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1400 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1500 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1501 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1510 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1511 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1512 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1524 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1536 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX5000 Version: All versions < V2.16.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:52:54.156Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_mx5000:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_mx5000",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_mx5000re:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_mx5000re",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1400:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1400",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1500:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1500",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1501:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1501",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1510:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1510",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1511:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1511",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1512:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1512",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1524:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1524",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx1536:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx1536",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:siemens:ruggedcom_rox_rx5000:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ruggedcom_rox_rx5000",
            "vendor": "siemens",
            "versions": [
              {
                "lessThan": "2.16.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36749",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-27T13:57:48.336400Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-27T14:15:10.273Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000RE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1400",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1500",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1501",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1510",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1511",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1512",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1524",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1536",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). The webserver of the affected devices support insecure TLS 1.0 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-327",
              "description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-11T09:07:15.754Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2023-36749",
    "datePublished": "2023-07-11T09:07:15.754Z",
    "dateReserved": "2023-06-27T11:37:08.703Z",
    "dateUpdated": "2024-11-27T14:15:10.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-36390
Vulnerability from cvelistv5
Published
2023-07-11 09:07
Modified
2024-10-21 21:10
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an “invalid params element name” error on the action parameters.
Impacted products
Vendor Product Version
Siemens RUGGEDCOM ROX MX5000RE Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1400 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1500 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1501 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1510 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1511 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1512 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1524 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX1536 Version: All versions < V2.16.0
Siemens RUGGEDCOM ROX RX5000 Version: All versions < V2.16.0
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:45:56.373Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-36390",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T21:06:50.284040Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T21:10:21.036Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX MX5000RE",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1400",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1500",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1501",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1510",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1511",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1512",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1524",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX1536",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "RUGGEDCOM ROX RX5000",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.16.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.16.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.16.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response\r\nwithout sanitization while throwing an \u201cinvalid params element name\u201d error on the action parameters."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-11T09:07:12.557Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-146325.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2023-36390",
    "datePublished": "2023-07-11T09:07:12.557Z",
    "dateReserved": "2023-06-21T14:46:26.354Z",
    "dateUpdated": "2024-10-21T21:10:21.036Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}