All the vulnerabilites related to Siemens - SCALANCE XF-200BA
cve-2021-25667
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf | x_refsource_MISC | |
https://us-cert.cisa.gov/ics/advisories/icsa-21-068-03 | x_refsource_MISC |
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | RUGGEDCOM RM1224 |
Version: All versions >= V4.3 and < V6.4 |
||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T20:11:27.468Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-03" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "RUGGEDCOM RM1224", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V4.3 and \u003c V6.4" } ] }, { "product": "SCALANCE M-800", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V4.3 and \u003c V6.4" } ] }, { "product": "SCALANCE S615", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V4.3 and \u003c V6.4" } ] }, { "product": "SCALANCE SC-600 Family", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 and \u003c V2.1.3" } ] }, { "product": "SCALANCE XB-200", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1" } ] }, { "product": "SCALANCE XC-200", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1" } ] }, { "product": "SCALANCE XF-200BA", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1" } ] }, { "product": "SCALANCE XM400", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V6.2" } ] }, { "product": "SCALANCE XP-200", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1" } ] }, { "product": "SCALANCE XR-300WG", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1" } ] }, { "product": "SCALANCE XR500", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V6.2" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM RM1224 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE M-800 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE S615 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE SC-600 Family (All versions \u003e= V2.0 and \u003c V2.1.3), SCALANCE XB-200 (All versions \u003c V4.1), SCALANCE XC-200 (All versions \u003c V4.1), SCALANCE XF-200BA (All versions \u003c V4.1), SCALANCE XM400 (All versions \u003c V6.2), SCALANCE XP-200 (All versions \u003c V4.1), SCALANCE XR-300WG (All versions \u003c V4.1), SCALANCE XR500 (All versions \u003c V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-22T20:42:20", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-03" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-25667", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "RUGGEDCOM RM1224", "version": { "version_data": [ { "version_value": "All versions \u003e= V4.3 and \u003c V6.4" } ] } }, { "product_name": "SCALANCE M-800", "version": { "version_data": [ { "version_value": "All versions \u003e= V4.3 and \u003c V6.4" } ] } }, { "product_name": "SCALANCE S615", "version": { "version_data": [ { "version_value": "All versions \u003e= V4.3 and \u003c V6.4" } ] } }, { "product_name": "SCALANCE SC-600 Family", "version": { "version_data": [ { "version_value": "All versions \u003e= V2.0 and \u003c V2.1.3" } ] } }, { "product_name": "SCALANCE XB-200", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1" } ] } }, { "product_name": "SCALANCE XC-200", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1" } ] } }, { "product_name": "SCALANCE XF-200BA", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1" } ] } }, { "product_name": "SCALANCE XM400", "version": { "version_data": [ { "version_value": "All versions \u003c V6.2" } ] } }, { "product_name": "SCALANCE XP-200", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1" } ] } }, { "product_name": "SCALANCE XR-300WG", "version": { "version_data": [ { "version_value": "All versions \u003c V4.1" } ] } }, { "product_name": "SCALANCE XR500", "version": { "version_data": [ { "version_value": "All versions \u003c V6.2" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in RUGGEDCOM RM1224 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE M-800 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE S615 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE SC-600 Family (All versions \u003e= V2.0 and \u003c V2.1.3), SCALANCE XB-200 (All versions \u003c V4.1), SCALANCE XC-200 (All versions \u003c V4.1), SCALANCE XF-200BA (All versions \u003c V4.1), SCALANCE XM400 (All versions \u003c V6.2), SCALANCE XP-200 (All versions \u003c V4.1), SCALANCE XR-300WG (All versions \u003c V4.1), SCALANCE XR500 (All versions \u003c V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-121: Stack-based Buffer Overflow" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf" }, { "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-03", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-03" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-25667", "datePublished": "2021-03-15T17:03:31", "dateReserved": "2021-01-21T00:00:00", "dateUpdated": "2024-08-03T20:11:27.468Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-13946
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2019-13946", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T18:06:01.358486Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-09T18:06:09.778Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-05T00:05:44.023Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-780073.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c V4.5" } ] }, { "defaultStatus": "unknown", "product": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c V4.6" } ] }, { "defaultStatus": "unknown", "product": "PROFINET Driver for Controller", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c V2.1" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RM1224 family", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M804PB", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M812-1 ADSL-Router", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M812-1 ADSL-Router", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M816-1 ADSL-Router", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M816-1 ADSL-Router", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M826-2 SHDSL-Router", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M874-2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M874-3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M876-3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M876-3 (ROK)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M876-4 (EU)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M876-4 (NAM)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE S615 LAN-Router", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE W-700 IEEE 802.11n family", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c= V6.0.1" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X200-4P IRT", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c V5.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X201-3P IRT", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c V5.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X201-3P IRT PRO", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c V5.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X202-2IRT", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c V5.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X202-2P IRT", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c V5.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X202-2P IRT PRO", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c V5.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X204-2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.2.5" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X204-2FM", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.2.5" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X204-2LD", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.2.5" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X204-2LD TS", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.2.5" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X204-2TS", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.2.5" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X204IRT", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c V5.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X204IRT PRO", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c V5.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X206-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.2.5" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X206-1LD", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.2.5" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X208", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.2.5" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X208PRO", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.2.5" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X212-2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.2.5" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X212-2LD", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.2.5" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X216", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.2.5" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X224", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.2.5" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X302-7 EEC (230V, coated)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X302-7 EEC (230V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X302-7 EEC (24V, coated)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X302-7 EEC (24V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X302-7 EEC (2x 230V, coated)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X302-7 EEC (2x 230V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X302-7 EEC (2x 24V, coated)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X302-7 EEC (2x 24V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X304-2FE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X306-1LD FE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X307-2 EEC (230V, coated)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X307-2 EEC (230V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X307-2 EEC (24V, coated)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X307-2 EEC (24V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X307-2 EEC (2x 230V, coated)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X307-2 EEC (2x 230V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X307-2 EEC (2x 24V, coated)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X307-2 EEC (2x 24V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X307-3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X307-3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X307-3LD", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X307-3LD", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X308-2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X308-2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X308-2LD", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X308-2LD", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X308-2LH", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X308-2LH", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X308-2LH+", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X308-2LH+", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X308-2M", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X308-2M", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X308-2M PoE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X308-2M PoE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X308-2M TS", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X308-2M TS", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X310", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X310", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X310FE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X310FE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X320-1 FE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X320-1-2LD FE", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE X408-2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XB-200 family", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c V3.0" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XC-200", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c V3.0" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XF-200BA", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c V3.0" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XF201-3P IRT", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c V5.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XF202-2P IRT", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c V5.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XF204", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.2.5" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XF204-2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.2.5" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XF204-2BA IRT", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c V5.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XF204IRT", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c V5.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XF206-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.2.5" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XF208", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.2.5" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XM-400 family", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c V6.0" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XP-200", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c V3.0" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR-300WG family", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c V3.0" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR-500 family", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c V6.0" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-12M (230V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-12M (230V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-12M (230V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-12M (230V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-12M (24V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-12M (24V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-12M (24V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-12M (24V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-12M TS (24V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-12M TS (24V)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-4M EEC (24V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-4M EEC (24V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-4M EEC (24V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-4M EEC (24V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-4M PoE (230V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-4M PoE (230V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-4M PoE (24V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-4M PoE (24V, ports on rear)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE XR324-4M PoE TS (24V, ports on front)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1616 and CP 1604", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c V2.8" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 343-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 343-1 Advanced", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 343-1 ERPC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 343-1 Lean", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 443-1", "vendor": "Siemens", "versions": [ { "lessThan": "V3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 443-1", "vendor": "Siemens", "versions": [ { "lessThan": "V3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 443-1 Advanced", "vendor": "Siemens", "versions": [ { "lessThan": "V3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 443-1 OPC UA", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200AL IM 157-1 PN", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200M IM 153-4 PN IO HF (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200M IM 153-4 PN IO ST (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200MP IM 155-5 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200MP IM 155-5 PN ST", "vendor": "Siemens", "versions": [ { "lessThan": "V4.1.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200pro IM 154-3 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200pro IM 154-4 PN HF", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP IM 155-6 PN BA", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP IM 155-6 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP IM 155-6 PN ST", "vendor": "Siemens", "versions": [ { "lessThan": "V4.1.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP IM 155-6 PN ST BA", "vendor": "Siemens", "versions": [ { "lessThan": "V4.1.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 4AO U/I 4xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200ecoPN: IO-Link Master", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET200S (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC IPC Support, Package for VxWorks", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC MV420 SR-B", "vendor": "Siemens", "versions": [ { "lessThan": "V7.0.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC MV420 SR-B Body", "vendor": "Siemens", "versions": [ { "lessThan": "V7.0.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC MV420 SR-P", "vendor": "Siemens", "versions": [ { "lessThan": "V7.0.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC MV420 SR-P Body", "vendor": "Siemens", "versions": [ { "lessThan": "V7.0.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC MV440 HR", "vendor": "Siemens", "versions": [ { "lessThan": "V7.0.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC MV440 SR", "vendor": "Siemens", "versions": [ { "lessThan": "V7.0.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC MV440 UR", "vendor": "Siemens", "versions": [ { "lessThan": "V7.0.6", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF180C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF182C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF600R family", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3" } ] }, { "defaultStatus": "unknown", "product": "SIMOTION C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.5" } ] }, { "defaultStatus": "unknown", "product": "SIMOTION D", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.5" } ] }, { "defaultStatus": "unknown", "product": "SIMOTION P", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.5" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS DCP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All Versions \u003c V1.3" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200MP IM 155-5 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200MP IM 155-5 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200MP IM 155-5 PN ST", "vendor": "Siemens", "versions": [ { "lessThan": "V4.1.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V4.1.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN HF", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN ST", "vendor": "Siemens", "versions": [ { "lessThan": "V4.1.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN ST BA", "vendor": "Siemens", "versions": [ { "lessThan": "V4.1.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V4.1.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V4.1.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 343-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 343-1 Advanced", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 343-1 Lean", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 443-1", "vendor": "Siemens", "versions": [ { "lessThan": "V3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 443-1 Advanced", "vendor": "Siemens", "versions": [ { "lessThan": "V3.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET SCALANCE X308-2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.1.4" } ] }, { "defaultStatus": "unknown", "product": "SOFTNET-IE PNIO", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] } ], "descriptions": [ { "lang": "en", "value": "Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit\ninternal resource allocation when multiple legitimate diagnostic package\nrequests are sent to the DCE-RPC interface.\nThis could lead to a denial of service condition due to lack of memory\nfor devices that include a vulnerable version of the stack.\n\nThe security vulnerability could be exploited by an attacker with network\naccess to an affected device. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise the availability of the device." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:03:58.088Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-780073.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2019-13946", "datePublished": "2020-02-11T15:36:10", "dateReserved": "2019-07-18T00:00:00", "dateUpdated": "2024-08-05T00:05:44.023Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-201908-1834
Vulnerability from variot
A vulnerability has been identified in SCALANCE SC-600 (V2.0). An authenticated attacker with access to port 22/tcp as well as physical access to an affected device may trigger the device to allow execution of arbitrary commands. The security vulnerability could be exploited by an authenticated attacker with physical access to the affected device. No user interaction is required to exploit this vulnerability. The vulnerability impacts the confidentiality, integrity and availability of the affected device. SCALANCE SC-600 Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens SCALANCE SC-600 is an industrial safety device from Germany's Siemens. This product mainly protects equipment and networks in discrete manufacturing and process industries, and protects industrial communications through mechanisms such as stateful packet inspection firewalls (SPI firewalls) and virtual private networks (VPNs).
Command injection vulnerability exists in Siemens SCALANCE SC-600 V2.0. The vulnerability stems from the fact that the network system or product did not properly filter the special elements in the process of constructing executable commands from external input data. An attacker could use this vulnerability to execute an illegal command. SCALANCE SC firewall is used to protect trusted industrial networks from untrusted networks. It allows filtering of input and output network connections in different ways
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1834", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "scalance sc-600", "scope": "eq", "trust": 1.8, "vendor": "siemens", "version": "2.0" }, { "model": "scalance sc-600", "scope": "eq", "trust": 1.2, "vendor": "siemens", "version": "v2.0" }, { "model": "scalance xb-200", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.1" }, { "model": "scalance xc-200", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.1" }, { "model": "scalance xf-200ba", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.1" }, { "model": "scalance xp-200", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.1" }, { "model": "scalance xr-300wg", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.1" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-10472" }, { "db": "CNVD", "id": "CNVD-2019-27706" }, { "db": "JVNDB", "id": "JVNDB-2019-008095" }, { "db": "NVD", "id": "CVE-2019-10928" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:siemens:scalance_sc-600_firmware", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-008095" } ] }, "cve": "CVE-2019-10928", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2019-10928", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CNVD-2020-10472", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 6.5, "id": "CNVD-2019-27706", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "VHN-142523", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.7, "id": "CVE-2019-10928", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Physical", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.6, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2019-10928", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-10928", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2019-10928", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2020-10472", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2019-27706", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201908-893", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-142523", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-10472" }, { "db": "CNVD", "id": "CNVD-2019-27706" }, { "db": "VULHUB", "id": "VHN-142523" }, { "db": "JVNDB", "id": "JVNDB-2019-008095" }, { "db": "CNNVD", "id": "CNNVD-201908-893" }, { "db": "NVD", "id": "CVE-2019-10928" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SCALANCE SC-600 (V2.0). An authenticated attacker with access to port 22/tcp as well as physical access to an affected device may trigger the device to allow execution of arbitrary commands. The security vulnerability could be exploited by an authenticated attacker with physical access to the affected device. No user interaction is required to exploit this vulnerability. The vulnerability impacts the confidentiality, integrity and availability of the affected device. SCALANCE SC-600 Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens SCALANCE SC-600 is an industrial safety device from Germany\u0027s Siemens. This product mainly protects equipment and networks in discrete manufacturing and process industries, and protects industrial communications through mechanisms such as stateful packet inspection firewalls (SPI firewalls) and virtual private networks (VPNs). \n\r\n\r\nCommand injection vulnerability exists in Siemens SCALANCE SC-600 V2.0. The vulnerability stems from the fact that the network system or product did not properly filter the special elements in the process of constructing executable commands from external input data. An attacker could use this vulnerability to execute an illegal command. SCALANCE SC firewall is used to protect trusted industrial networks from untrusted networks. It allows filtering of input and output network connections in different ways", "sources": [ { "db": "NVD", "id": "CVE-2019-10928" }, { "db": "JVNDB", "id": "JVNDB-2019-008095" }, { "db": "CNVD", "id": "CNVD-2020-10472" }, { "db": "CNVD", "id": "CNVD-2019-27706" }, { "db": "VULHUB", "id": "VHN-142523" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-10928", "trust": 3.1 }, { "db": "SIEMENS", "id": "SSA-671286", "trust": 2.9 }, { "db": "ICS CERT", "id": "ICSA-19-227-03", "trust": 1.4 }, { "db": "JVNDB", "id": "JVNDB-2019-008095", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201908-893", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2020-10472", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2019-27706", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3149", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-142523", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-10472" }, { "db": "CNVD", "id": "CNVD-2019-27706" }, { "db": "VULHUB", "id": "VHN-142523" }, { "db": "JVNDB", "id": "JVNDB-2019-008095" }, { "db": "CNNVD", "id": "CNNVD-201908-893" }, { "db": "NVD", "id": "CVE-2019-10928" } ] }, "id": "VAR-201908-1834", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2020-10472" }, { "db": "CNVD", "id": "CNVD-2019-27706" }, { "db": "VULHUB", "id": "VHN-142523" } ], "trust": 1.9103673033333335 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS", "Network device" ], "sub_category": null, "trust": 1.2 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-10472" }, { "db": "CNVD", "id": "CNVD-2019-27706" } ] }, "last_update_date": "2024-11-23T21:36:55.422000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-671286", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-671286.pdf" }, { "title": "Patch for Siemens SCALANCE SC-600 command injection vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/201863" }, { "title": "Patch for Siemens SCALANCE SC-600 Command Execution Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/175789" }, { "title": "SCALANCE SC-600 Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96581" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-10472" }, { "db": "CNVD", "id": "CNVD-2019-27706" }, { "db": "JVNDB", "id": "JVNDB-2019-008095" }, { "db": "CNNVD", "id": "CNNVD-201908-893" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-703", "trust": 1.0 }, { "problemtype": "CWE-77", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-142523" }, { "db": "JVNDB", "id": "JVNDB-2019-008095" }, { "db": "NVD", "id": "CVE-2019-10928" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.9, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-671286.pdf" }, { "trust": 1.4, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-227-03" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10928" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10928" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-19-227-03" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3149/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-10472" }, { "db": "CNVD", "id": "CNVD-2019-27706" }, { "db": "VULHUB", "id": "VHN-142523" }, { "db": "JVNDB", "id": "JVNDB-2019-008095" }, { "db": "CNNVD", "id": "CNNVD-201908-893" }, { "db": "NVD", "id": "CVE-2019-10928" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2020-10472" }, { "db": "CNVD", "id": "CNVD-2019-27706" }, { "db": "VULHUB", "id": "VHN-142523" }, { "db": "JVNDB", "id": "JVNDB-2019-008095" }, { "db": "CNNVD", "id": "CNNVD-201908-893" }, { "db": "NVD", "id": "CVE-2019-10928" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-19T00:00:00", "db": "CNVD", "id": "CNVD-2020-10472" }, { "date": "2019-08-15T00:00:00", "db": "CNVD", "id": "CNVD-2019-27706" }, { "date": "2019-08-13T00:00:00", "db": "VULHUB", "id": "VHN-142523" }, { "date": "2019-08-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-008095" }, { "date": "2019-08-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-893" }, { "date": "2019-08-13T19:15:14.767000", "db": "NVD", "id": "CVE-2019-10928" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-19T00:00:00", "db": "CNVD", "id": "CNVD-2020-10472" }, { "date": "2019-08-15T00:00:00", "db": "CNVD", "id": "CNVD-2019-27706" }, { "date": "2020-10-02T00:00:00", "db": "VULHUB", "id": "VHN-142523" }, { "date": "2019-10-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-008095" }, { "date": "2020-10-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-893" }, { "date": "2024-11-21T04:20:10.377000", "db": "NVD", "id": "CVE-2019-10928" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens SCALANCE SC-600 command injection vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2020-10472" }, { "db": "CNNVD", "id": "CNNVD-201908-893" } ], "trust": 1.2 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-893" } ], "trust": 0.6 } }
var-201908-1967
Vulnerability from variot
A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). An authenticated attacker with network access to to port 22/tcp of an affected device may cause a Denial-of-Service condition. The security vulnerability could be exploited by an authenticated attacker with network access to the affected device. No user interaction is required to exploit this vulnerability. The vulnerability impacts the availability of the affected device. plural SCALANCE The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. SCALANCE SC firewall is used to protect trusted industrial networks from untrusted networks. It allows filtering of input and output network connections in different ways. SCALANCE X switches a are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). A denial of service vulnerability exists in several Siemens products. Siemens SCALANCE SC-600, etc. are all products of Siemens (Siemens) in Germany. Siemens SCALANCE SC-600 is an industrial security device. SCALANCE XB-200 is a managed industrial Ethernet switch. SCALANCE XR-300WG is a rack-mounted managed switch. The vulnerability stems from the failure of the network system or product to properly validate the input data. 1 version, SCALANCE XR-300WG V4.1 version
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1967", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "scalance xb-200", "scope": "eq", "trust": 1.8, "vendor": "siemens", "version": "4.1" }, { "model": "scalance xc-200", "scope": "eq", "trust": 1.8, "vendor": "siemens", "version": "4.1" }, { "model": "scalance xf-200ba", "scope": "eq", "trust": 1.8, "vendor": "siemens", "version": "4.1" }, { "model": "scalance xp-200", "scope": "eq", "trust": 1.8, "vendor": "siemens", "version": "4.1" }, { "model": "scalance xr-300wg", "scope": "eq", "trust": 1.8, "vendor": "siemens", "version": "4.1" }, { "model": "scalance xb-200", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.1" }, { "model": "scalance xc-200", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.1" }, { "model": "scalance xf-200ba", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.1" }, { "model": "scalance xp-200", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.1" }, { "model": "scalance xr-300wg", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v4.1" }, { "model": "scalance sc-600", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v2.0" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance xb 200", "version": "4.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance xc 200", "version": "4.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance xf 200ba", "version": "4.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance xp 200", "version": "4.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance xr 300wg", "version": "4.1" } ], "sources": [ { "db": "IVD", "id": "500b373e-f73d-435e-97a3-e56d272baed8" }, { "db": "CNVD", "id": "CNVD-2019-27702" }, { "db": "CNVD", "id": "CNVD-2019-27706" }, { "db": "JVNDB", "id": "JVNDB-2019-008094" }, { "db": "NVD", "id": "CVE-2019-10927" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:siemens:scalance_xb-200_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:scalance_xc-200_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:scalance_xf-200ba_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:scalance_xp-200_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:scalance_xr-300wg_firmware", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-008094" } ] }, "cve": "CVE-2019-10927", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CVE-2019-10927", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2019-27702", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 6.5, "id": "CNVD-2019-27706", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "500b373e-f73d-435e-97a3-e56d272baed8", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "VHN-142522", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2019-10927", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-10927", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-10927", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2019-10927", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2019-27702", "trust": 0.6, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2019-27706", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201908-891", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "500b373e-f73d-435e-97a3-e56d272baed8", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-142522", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "500b373e-f73d-435e-97a3-e56d272baed8" }, { "db": "CNVD", "id": "CNVD-2019-27702" }, { "db": "CNVD", "id": "CNVD-2019-27706" }, { "db": "VULHUB", "id": "VHN-142522" }, { "db": "JVNDB", "id": "JVNDB-2019-008094" }, { "db": "CNNVD", "id": "CNNVD-201908-891" }, { "db": "NVD", "id": "CVE-2019-10927" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SCALANCE SC-600 (V2.0), SCALANCE XB-200 (V4.1), SCALANCE XC-200 (V4.1), SCALANCE XF-200BA (V4.1), SCALANCE XP-200 (V4.1), SCALANCE XR-300WG (V4.1). An authenticated attacker with network access to to port 22/tcp of an affected device may cause a Denial-of-Service condition. The security vulnerability could be exploited by an authenticated attacker with network access to the affected device. No user interaction is required to exploit this vulnerability. The vulnerability impacts the availability of the affected device. plural SCALANCE The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. SCALANCE SC firewall is used to protect trusted industrial networks from untrusted networks. It allows filtering of input and output network connections in different ways. SCALANCE X switches a are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). A denial of service vulnerability exists in several Siemens products. Siemens SCALANCE SC-600, etc. are all products of Siemens (Siemens) in Germany. Siemens SCALANCE SC-600 is an industrial security device. SCALANCE XB-200 is a managed industrial Ethernet switch. SCALANCE XR-300WG is a rack-mounted managed switch. The vulnerability stems from the failure of the network system or product to properly validate the input data. 1 version, SCALANCE XR-300WG V4.1 version", "sources": [ { "db": "NVD", "id": "CVE-2019-10927" }, { "db": "JVNDB", "id": "JVNDB-2019-008094" }, { "db": "CNVD", "id": "CNVD-2019-27702" }, { "db": "CNVD", "id": "CNVD-2019-27706" }, { "db": "IVD", "id": "500b373e-f73d-435e-97a3-e56d272baed8" }, { "db": "VULHUB", "id": "VHN-142522" } ], "trust": 2.97 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-10927", "trust": 3.3 }, { "db": "SIEMENS", "id": "SSA-671286", "trust": 2.9 }, { "db": "ICS CERT", "id": "ICSA-19-227-03", "trust": 1.4 }, { "db": "CNNVD", "id": "CNNVD-201908-891", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2019-27702", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-008094", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2019-27706", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.3149", "trust": 0.6 }, { "db": "IVD", "id": "500B373E-F73D-435E-97A3-E56D272BAED8", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-142522", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "500b373e-f73d-435e-97a3-e56d272baed8" }, { "db": "CNVD", "id": "CNVD-2019-27702" }, { "db": "CNVD", "id": "CNVD-2019-27706" }, { "db": "VULHUB", "id": "VHN-142522" }, { "db": "JVNDB", "id": "JVNDB-2019-008094" }, { "db": "CNNVD", "id": "CNNVD-201908-891" }, { "db": "NVD", "id": "CVE-2019-10927" } ] }, "id": "VAR-201908-1967", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "500b373e-f73d-435e-97a3-e56d272baed8" }, { "db": "CNVD", "id": "CNVD-2019-27702" }, { "db": "CNVD", "id": "CNVD-2019-27706" }, { "db": "VULHUB", "id": "VHN-142522" } ], "trust": 2.1103673033333332 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 }, { "category": [ "ICS", "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "IVD", "id": "500b373e-f73d-435e-97a3-e56d272baed8" }, { "db": "CNVD", "id": "CNVD-2019-27702" }, { "db": "CNVD", "id": "CNVD-2019-27706" } ] }, "last_update_date": "2024-11-23T21:36:55.458000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-671286", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-671286.pdf" }, { "title": "Patches for several Siemens Product Denial of Service Vulnerabilities (CNVD-2019-27702)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/175783" }, { "title": "Patch for Siemens SCALANCE SC-600 Command Execution Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/175789" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-27702" }, { "db": "CNVD", "id": "CNVD-2019-27706" }, { "db": "JVNDB", "id": "JVNDB-2019-008094" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-703", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-142522" }, { "db": "JVNDB", "id": "JVNDB-2019-008094" }, { "db": "NVD", "id": "CVE-2019-10927" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.9, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-671286.pdf" }, { "trust": 1.4, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-227-03" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10927" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10927" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-19-227-03" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3149/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-27702" }, { "db": "CNVD", "id": "CNVD-2019-27706" }, { "db": "VULHUB", "id": "VHN-142522" }, { "db": "JVNDB", "id": "JVNDB-2019-008094" }, { "db": "CNNVD", "id": "CNNVD-201908-891" }, { "db": "NVD", "id": "CVE-2019-10927" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "500b373e-f73d-435e-97a3-e56d272baed8" }, { "db": "CNVD", "id": "CNVD-2019-27702" }, { "db": "CNVD", "id": "CNVD-2019-27706" }, { "db": "VULHUB", "id": "VHN-142522" }, { "db": "JVNDB", "id": "JVNDB-2019-008094" }, { "db": "CNNVD", "id": "CNNVD-201908-891" }, { "db": "NVD", "id": "CVE-2019-10927" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-15T00:00:00", "db": "IVD", "id": "500b373e-f73d-435e-97a3-e56d272baed8" }, { "date": "2019-08-15T00:00:00", "db": "CNVD", "id": "CNVD-2019-27702" }, { "date": "2019-08-15T00:00:00", "db": "CNVD", "id": "CNVD-2019-27706" }, { "date": "2019-08-13T00:00:00", "db": "VULHUB", "id": "VHN-142522" }, { "date": "2019-08-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-008094" }, { "date": "2019-08-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-891" }, { "date": "2019-08-13T19:15:14.687000", "db": "NVD", "id": "CVE-2019-10927" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-15T00:00:00", "db": "CNVD", "id": "CNVD-2019-27702" }, { "date": "2019-08-15T00:00:00", "db": "CNVD", "id": "CNVD-2019-27706" }, { "date": "2019-10-09T00:00:00", "db": "VULHUB", "id": "VHN-142522" }, { "date": "2019-10-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-008094" }, { "date": "2022-03-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201908-891" }, { "date": "2024-11-21T04:20:10.243000", "db": "NVD", "id": "CVE-2019-10927" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-891" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural SCALANCE Vulnerability related to input validation in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-008094" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201908-891" } ], "trust": 0.6 } }
var-202107-1608
Vulnerability from variot
Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device. Multiple Siemens products contain vulnerabilities in resource allocation without restrictions or throttling.Service operation interruption (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Siemens SCALANCE S602是德国西门子(Siemens)公司的一款工业安全设备. Siemens多款产品 存在安全漏洞,该漏洞允许攻击者执行拒绝服务攻击。以下产品和版本受到影响:Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), RUGGEDCOM RM1224 (All Versions < 6.4), SCALANCE M-800 (All Versions < 6.4), SCALANCE S615 (All Versions < 6.4), SCALANCE W1700 IEEE 802.11ac (All versions), SCALANCE W700 IEEE 802.11n (All versions), SCALANCE X200-4 P IRT (All Versions < V5.5.0), SCALANCE X201-3P IRT (All Versions < V5.5.0), SCALANCE X201-3P IRT PRO (All Versions < V5.5.0), SCALANCE X202-2 IRT (All Versions < V5.5.0), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All Versions < V5.5.0), SCALANCE X202-2P IRT PRO (All Versions < V5.5.0), SCALANCE X204 IRT (All Versions < V5.5.0), SCALANCE X204 IRT PRO (All Versions < V5.5.0), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2FM (All versions), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2LD TS (All versions), SCALANCE X204-2TS (All versions), SCALANCE X206-1 (All versions), SCALANCE X206-1LD (incl. SIPLUS NET variant) (All versions), SCALANCE X208 (incl. SIPLUS NET variant) (All versions), SCALANCE X208PRO (All versions), SCALANCE X212-2 (All versions), SCALANCE X212-2LD (All versions), SCALANCE X216 (All versions), SCALANCE X224 (All versions), SCALANCE X302-7EEC (All versions), SCALANCE X304-2FE (All versions), SCALANCE X306-1LDFE (All versions), SCALANCE X307-2EEC (All versions), SCALANCE X307-3 (All versions), SCALANCE X307-3LD (All versions), SCALANCE X308-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X308-2LD (All versions), SCALANCE X308-2LH (All versions), SCALANCE X308-2LH+ (All versions), SCALANCE X308-2M (All versions), SCALANCE X308-2M POE (All versions), SCALANCE X308-2M TS (All versions), SCALANCE X310 (All versions), SCALANCE X310FE (All versions), SCALANCE X320-1FE (All versions), SCALANCE X320-3LDFE (All versions), SCALANCE XB-200 (All versions), SCALANCE XC-200 (All versions), SCALANCE XF-200BA (All versions), SCALANCE XF201-3P IRT (All Versions < V5.5.0), SCALANCE XF202-2P IRT (All Versions < V5.5.0), SCALANCE XF204 (All versions), SCALANCE XF204 IRT (All Versions < V5.5.0), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE XF204-2BA IRT (All Versions < V5.5.0), SCALANCE XF206-1 (All versions), SCALANCE XF208 (All versions), SCALANCE XM400 (All versions < V6.3.1), SCALANCE XP-200 (All versions), SCALANCE XR-300WG (All versions), SCALANCE XR324-12M (All versions), SCALANCE XR324-12M TS (All versions), SCALANCE XR324-4M EEC (All versions), SCALANCE XR324-4M POE (All versions), SCALANCE XR324-4M POE TS (All versions), SCALANCE XR500 (All versions < V6.3.1), SIMATIC CFU PA (All versions), SIMATIC IE/PB-LINK V3 (All versions), SIMATIC MV500 family (All versions < V3.0), SIMATIC NET CM 1542-1 (All versions), SIMATIC NET CP1616/CP1604 (All Versions >= V2.7), SIMATIC NET CP1626 (All versions), SIMATIC NET DK-16xx PN IO (All Versions >= V2.7), SIMATIC PROFINET Driver (All versions), SIMATIC Power Line Booster PLB, Base Module (MLFB: 6ES7972-5AA10-0AB0) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All Versions < V4.5), SIMOCODE proV Ethernet/IP (All versions < V1.1.3), SIMOCODE proV PROFINET (All versions < V2.1.3), SOFTNET-IE PNIO (All versions)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-1608", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "scalance x206-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2.5" }, { "model": "scalance x201-3p irt pro", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.5.0" }, { "model": "softnet-ie pnio", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance x310fe", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic net cp1604", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "2.7" }, { "model": "scalance xr324-12m", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance x306-1ldfe", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance x304-2fe", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simocode prov profinet", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1.3" }, { "model": "simatic net cm 1542-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance w1700", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance x206-1ld", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2.5" }, { "model": "scalance x308-2m poe", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xf204-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2.5" }, { "model": "scalance x202-2p irt pro", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.5.0" }, { "model": "scalance x310", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr324-4m poe ts", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simocode prov ethernet\\/ip", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1.3" }, { "model": "scalance x204 irt", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.5.0" }, { "model": "dk standard ethernet controller evaluation kit", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance x308-2lh\\+", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xf204-2ba irt", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.5.0" }, { "model": "scalance x308-2m", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance x204-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2.5" }, { "model": "scalance xf204", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2.5" }, { "model": "scalance x307-3ld", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr324-4m poe", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xf206-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2.5" }, { "model": "scalance x204 irt pro", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.5.0" }, { "model": "simatic ie\\/pb-link v3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance x308-2lh", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance x308-2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance x307-2eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "ek-ertec 200 evaulation kit", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance x320-1fe", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr324-12m ts", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic power line booster plb", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic profinet driver", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3" }, { "model": "scalance x201-3p irt", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.5.0" }, { "model": "scalance x208", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2.5" }, { "model": "scalance m-800", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.4" }, { "model": "scalance x308-2ld", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic mv500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "scalance x212-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2.5" }, { "model": "scalance xb-200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "scalance xf-200ba", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "scalance x208pro", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2.5" }, { "model": "scalance x204-2ts", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2.5" }, { "model": "scalance x308-2m ts", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xf204 irt", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.5.0" }, { "model": "scalance w700", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic net dk-16xx pn io", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "2.7" }, { "model": "scalance xf202-2p irt", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.5.0" }, { "model": "scalance x307-3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-1200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "simatic cfu pa", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.3.1" }, { "model": "scalance x302-7eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "ek-ertec 200p evaluation kit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "scalance xf201-3p irt", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.5.0" }, { "model": "scalance xc-200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "scalance x200-4 p irt", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.5.0" }, { "model": "scalance x204-2ld ts", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2.5" }, { "model": "scalance x204-2ld", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2.5" }, { "model": "scalance xr-300wg", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "scalance xp-200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "scalance x320-3ldfe", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance s615", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.4" }, { "model": "scalance x224", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2.5" }, { "model": "simatic net cp1626", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr324-4m eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xf208", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2.5" }, { "model": "scalance x216", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2.5" }, { "model": "scalance x212-2ld", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2.5" }, { "model": "simatic net cp1616", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "2.7" }, { "model": "scalance xm400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.3.1" }, { "model": "ruggedcom rm1224", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.4" }, { "model": "scalance x202-2 irt", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.5.0" }, { "model": "scalance x204-2fm", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2.5" }, { "model": "scalance x200-4p irt", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "dk standard ethernet controller evaluation kit", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance w1700", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance s615", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ek-ertec 200p evaluation kit", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance x201-3p irt", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ek-ertec 200 evaluation kit", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance w700", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance m-800", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rm1224", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-010133" }, { "db": "NVD", "id": "CVE-2020-28400" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported this vulnerability to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-901" } ], "trust": 0.6 }, "cve": "CVE-2020-28400", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2020-28400", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2020-28400", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2020-28400", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2020-28400", "trust": 1.0, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2020-28400", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2020-28400", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202107-901", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-010133" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-901" }, { "db": "NVD", "id": "CVE-2020-28400" }, { "db": "NVD", "id": "CVE-2020-28400" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of DCP reset packets are sent to the device. Multiple Siemens products contain vulnerabilities in resource allocation without restrictions or throttling.Service operation interruption (DoS) It may be in a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Siemens SCALANCE S602\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5de5\u4e1a\u5b89\u5168\u8bbe\u5907. \nSiemens\u591a\u6b3e\u4ea7\u54c1 \u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u653b\u51fb\u8005\u6267\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u4ee5\u4e0b\u4ea7\u54c1\u548c\u7248\u672c\u53d7\u5230\u5f71\u54cd\uff1aDevelopment/Evaluation Kits for PROFINET IO\uff1a DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO\uff1a EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO\uff1a EK-ERTEC 200P (All versions), RUGGEDCOM RM1224 (All Versions \uff1c 6.4), SCALANCE M-800 (All Versions \uff1c 6.4), SCALANCE S615 (All Versions \uff1c 6.4), SCALANCE W1700 IEEE 802.11ac (All versions), SCALANCE W700 IEEE 802.11n (All versions), SCALANCE X200-4 P IRT (All Versions \uff1c V5.5.0), SCALANCE X201-3P IRT (All Versions \uff1c V5.5.0), SCALANCE X201-3P IRT PRO (All Versions \uff1c V5.5.0), SCALANCE X202-2 IRT (All Versions \uff1c V5.5.0), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All Versions \uff1c V5.5.0), SCALANCE X202-2P IRT PRO (All Versions \uff1c V5.5.0), SCALANCE X204 IRT (All Versions \uff1c V5.5.0), SCALANCE X204 IRT PRO (All Versions \uff1c V5.5.0), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2FM (All versions), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions), SCALANCE X204-2LD TS (All versions), SCALANCE X204-2TS (All versions), SCALANCE X206-1 (All versions), SCALANCE X206-1LD (incl. SIPLUS NET variant) (All versions), SCALANCE X208 (incl. SIPLUS NET variant) (All versions), SCALANCE X208PRO (All versions), SCALANCE X212-2 (All versions), SCALANCE X212-2LD (All versions), SCALANCE X216 (All versions), SCALANCE X224 (All versions), SCALANCE X302-7EEC (All versions), SCALANCE X304-2FE (All versions), SCALANCE X306-1LDFE (All versions), SCALANCE X307-2EEC (All versions), SCALANCE X307-3 (All versions), SCALANCE X307-3LD (All versions), SCALANCE X308-2 (incl. SIPLUS NET variant) (All versions), SCALANCE X308-2LD (All versions), SCALANCE X308-2LH (All versions), SCALANCE X308-2LH+ (All versions), SCALANCE X308-2M (All versions), SCALANCE X308-2M POE (All versions), SCALANCE X308-2M TS (All versions), SCALANCE X310 (All versions), SCALANCE X310FE (All versions), SCALANCE X320-1FE (All versions), SCALANCE X320-3LDFE (All versions), SCALANCE XB-200 (All versions), SCALANCE XC-200 (All versions), SCALANCE XF-200BA (All versions), SCALANCE XF201-3P IRT (All Versions \uff1c V5.5.0), SCALANCE XF202-2P IRT (All Versions \uff1c V5.5.0), SCALANCE XF204 (All versions), SCALANCE XF204 IRT (All Versions \uff1c V5.5.0), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions), SCALANCE XF204-2BA IRT (All Versions \uff1c V5.5.0), SCALANCE XF206-1 (All versions), SCALANCE XF208 (All versions), SCALANCE XM400 (All versions \uff1c V6.3.1), SCALANCE XP-200 (All versions), SCALANCE XR-300WG (All versions), SCALANCE XR324-12M (All versions), SCALANCE XR324-12M TS (All versions), SCALANCE XR324-4M EEC (All versions), SCALANCE XR324-4M POE (All versions), SCALANCE XR324-4M POE TS (All versions), SCALANCE XR500 (All versions \uff1c V6.3.1), SIMATIC CFU PA (All versions), SIMATIC IE/PB-LINK V3 (All versions), SIMATIC MV500 family (All versions \uff1c V3.0), SIMATIC NET CM 1542-1 (All versions), SIMATIC NET CP1616/CP1604 (All Versions \uff1e= V2.7), SIMATIC NET CP1626 (All versions), SIMATIC NET DK-16xx PN IO (All Versions \uff1e= V2.7), SIMATIC PROFINET Driver (All versions), SIMATIC Power Line Booster PLB, Base Module (MLFB\uff1a 6ES7972-5AA10-0AB0) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All Versions \uff1c V4.5), SIMOCODE proV Ethernet/IP (All versions \uff1c V1.1.3), SIMOCODE proV PROFINET (All versions \uff1c V2.1.3), SOFTNET-IE PNIO (All versions)", "sources": [ { "db": "NVD", "id": "CVE-2020-28400" }, { "db": "JVNDB", "id": "JVNDB-2021-010133" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-901" }, { "db": "VULMON", "id": "CVE-2020-28400" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-28400", "trust": 3.3 }, { "db": "ICS CERT", "id": "ICSA-21-194-03", "trust": 2.4 }, { "db": "SIEMENS", "id": "SSA-599968", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2021-010133", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2401", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021071416", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202107-901", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2020-28400", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-28400" }, { "db": "JVNDB", "id": "JVNDB-2021-010133" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-901" }, { "db": "NVD", "id": "CVE-2020-28400" } ] }, "id": "VAR-202107-1608", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.5447269509677419 }, "last_update_date": "2024-08-14T12:06:49.974000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-599968", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf" }, { "title": "Siemens Various product security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156594" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=77fc0ba2dcd8966c9a1f7eb47b8603ca" } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-28400" }, { "db": "JVNDB", "id": "JVNDB-2021-010133" }, { "db": "CNNVD", "id": "CNNVD-202107-901" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-770", "trust": 1.0 }, { "problemtype": "Allocation of resources without limits or throttling (CWE-770) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-010133" }, { "db": "NVD", "id": "CVE-2020-28400" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-194-03" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-599968.pdf" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-599968.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28400" }, { "trust": 0.8, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-194-03" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/siemens-ruggedcom-simatic-denial-of-service-via-profinet-dcp-reset-35890" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021071416" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2401" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/770.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-599968.txt" } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-28400" }, { "db": "JVNDB", "id": "JVNDB-2021-010133" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-901" }, { "db": "NVD", "id": "CVE-2020-28400" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2020-28400" }, { "db": "JVNDB", "id": "JVNDB-2021-010133" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-901" }, { "db": "NVD", "id": "CVE-2020-28400" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2020-28400" }, { "date": "2022-06-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-010133" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-07-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-901" }, { "date": "2021-07-13T11:15:08.960000", "db": "NVD", "id": "CVE-2020-28400" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-07-13T00:00:00", "db": "VULMON", "id": "CVE-2020-28400" }, { "date": "2022-06-22T02:38:00", "db": "JVNDB", "id": "JVNDB-2021-010133" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202107-901" }, { "date": "2024-06-11T09:15:09.487000", "db": "NVD", "id": "CVE-2020-28400" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202107-901" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vulnerability in limiting or non-slotting resource allocation in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-010133" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202107-901" } ], "trust": 1.2 } }
var-202208-0611
Vulnerability from variot
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. SCALANCE M-800 firmware, SCALANCE S615 firmware, SCALANCE SC-600 Multiple Siemens products such as firmware have unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants via mobile networks (e.g. GPRS or UMTS) and have integrated security functions of firewalls to prevent unauthorized access, as well as VPNs to Secure data transmission. SCALANCE SC-600 devices (SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) are used to protect trusted industrial networks from untrusted network attacks. They allow filtering incoming and outgoing network connections in different ways. The SCALANCE W-1700 product is a wireless communication device based on the IEEE 802.11ac standard. SCALANCE W-700 products are wireless communication devices based on the IEEE 802.11ax standard. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLC) or human machine interfaces (HMI).
A command injection vulnerability exists in Siemens SCALANCE products, which results from an affected device failing to properly filter input fields. A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE SC-600 family (All versions < V2.3.1), SCALANCE W-1700 IEEE 802.11ac family (All versions), SCALANCE W-700 IEEE 802.11ax family (All versions), SCALANCE W-700 IEEE 802.11n family (All versions), SCALANCE XB-200 switch family (All versions), SCALANCE XC-200 switch family (All versions), SCALANCE XF-200BA switch family (All versions), SCALANCE XM-400 Family (All versions), SCALANCE XP-200 switch family (All versions), SCALANCE XR-300WG switch family (All versions), SCALANCE XR-500 Family (All versions)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202208-0611", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "scalance xr552-12m 2hr2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc206-2g poe eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc224-4c g \\", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance w700 ieee 802.11ac", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc206-2sfp g \\", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xb216", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr524-8c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xb205-3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc224", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance sc-600", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3.1" }, { "model": "scalance xb208", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr324-4m poe ts", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr324wg", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr524-8c l3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc206-2sfp g", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc216-4c g eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc216-4c g \\", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr528-6m l3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance sc642-2c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3.1" }, { "model": "scalance sc632-2c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3.1" }, { "model": "scalance xr324-12m ts", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc-200", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr324-4m poe", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr528-6m", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xf204-2ba irt", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xm400", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr-300eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc208", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr500", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc216", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp208 \\", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance w700 ieee 802.11n", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xb213-3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc216eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xm408-8c l3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp216", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp216poe eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr552-12m", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xm416-4c l3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc208g \\", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc224-4c g", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr552", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr-300", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc224-4c g eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr328-4c wg", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc206-2g poe", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc206-2sfp g eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp208poe eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr526-8c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc216-4c g", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xb-200", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xb205-3ld", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance sc636-2c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3.1" }, { "model": "scalance xc206-2sfp eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp216 \\", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xf204-2ba dna", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xf-200ba", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr528-6m 2hr2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc208eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp208", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xm408-8c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr-300poe", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr552-12m 2hr2 l3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc208g poe", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance w700 ieee 802.11ax", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xb213-3ld", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc206-2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xm408-4c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xm408-4c l3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr326-2c poe wg", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr552-12", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp208eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr324-12m", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr524", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp-200", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance s615", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc208g eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr528-6m 2hr2 l3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp216eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr324-4m eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr528", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance sc622-2c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3.1" }, { "model": "scalance xc208g", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance sc646-2c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3.1" }, { "model": "scalance xc216-4c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance m-800", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xm416-4c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr526-8c l3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr526", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr-300wg", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance sc-646-2c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xb205-3", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance sc-600", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xc206-2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xb-200", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance w700 ieee 802.11ax", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xb216", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance sc-622-2c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xc-200", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance m-800", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xb213-3ld", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance sc-632-2c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xb213-3", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance sc-642-2c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance w700 ieee 802.11ac", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance w700 ieee 802.11n", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xb205-3ld", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance sc-636-2c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance s615", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xb208", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance m-800 s615", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "/" }, { "model": "scalance sc-600 family", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.3.1" }, { "model": "scalance w-700 ieee 802.11ax family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance w-700 ieee 802.11n family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance w-1700 ieee 802.11ac family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance xb-200 switch family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance xc-200 switch family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance xf-200ba switch family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance xm-400 family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance xp-200 switch family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance xr-300wg switch family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance xr-500 family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-56476" }, { "db": "JVNDB", "id": "JVNDB-2022-014933" }, { "db": "NVD", "id": "CVE-2022-36323" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens has reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202208-2715" } ], "trust": 0.6 }, "cve": "CVE-2022-36323", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2022-56476", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.3, "id": "CVE-2022-36323", "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.2, "id": "CVE-2022-36323", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "OTHER", "availabilityImpact": "High", "baseScore": 9.1, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2022-014933", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "High", "scope": "Changed", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "productcert@siemens.com", "id": "CVE-2022-36323", "trust": 1.0, "value": "CRITICAL" }, { "author": "nvd@nist.gov", "id": "CVE-2022-36323", "trust": 1.0, "value": "HIGH" }, { "author": "OTHER", "id": "JVNDB-2022-014933", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2022-56476", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202208-2715", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-56476" }, { "db": "JVNDB", "id": "JVNDB-2022-014933" }, { "db": "CNNVD", "id": "CNNVD-202208-2715" }, { "db": "NVD", "id": "CVE-2022-36323" }, { "db": "NVD", "id": "CVE-2022-36323" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. SCALANCE M-800 firmware, SCALANCE S615 firmware, SCALANCE SC-600 Multiple Siemens products such as firmware have unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants via mobile networks (e.g. GPRS or UMTS) and have integrated security functions of firewalls to prevent unauthorized access, as well as VPNs to Secure data transmission. SCALANCE SC-600 devices (SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) are used to protect trusted industrial networks from untrusted network attacks. They allow filtering incoming and outgoing network connections in different ways. The SCALANCE W-1700 product is a wireless communication device based on the IEEE 802.11ac standard. SCALANCE W-700 products are wireless communication devices based on the IEEE 802.11ax standard. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLC) or human machine interfaces (HMI). \n\r\n\r\nA command injection vulnerability exists in Siemens SCALANCE products, which results from an affected device failing to properly filter input fields. A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE SC-600 family (All versions \u003c V2.3.1), SCALANCE W-1700 IEEE 802.11ac family (All versions), SCALANCE W-700 IEEE 802.11ax family (All versions), SCALANCE W-700 IEEE 802.11n family (All versions), SCALANCE XB-200 switch family (All versions), SCALANCE XC-200 switch family (All versions), SCALANCE XF-200BA switch family (All versions), SCALANCE XM-400 Family (All versions), SCALANCE XP-200 switch family (All versions), SCALANCE XR-300WG switch family (All versions), SCALANCE XR-500 Family (All versions)", "sources": [ { "db": "NVD", "id": "CVE-2022-36323" }, { "db": "JVNDB", "id": "JVNDB-2022-014933" }, { "db": "CNVD", "id": "CNVD-2022-56476" }, { "db": "VULMON", "id": "CVE-2022-36323" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-36323", "trust": 3.9 }, { "db": "SIEMENS", "id": "SSA-710008", "trust": 3.1 }, { "db": "ICS CERT", "id": "ICSA-22-223-07", "trust": 1.5 }, { "db": "JVN", "id": "JVNVU90767165", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-014933", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-56476", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.4032", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202208-2715", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-36323", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-56476" }, { "db": "VULMON", "id": "CVE-2022-36323" }, { "db": "JVNDB", "id": "JVNDB-2022-014933" }, { "db": "CNNVD", "id": "CNNVD-202208-2715" }, { "db": "NVD", "id": "CVE-2022-36323" } ] }, "id": "VAR-202208-0611", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-56476" } ], "trust": 1.2477712656666666 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-56476" } ] }, "last_update_date": "2024-08-14T14:17:45.411000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens SCALANCE product command injection vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/343616" }, { "title": "Siemens SCALANCE Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=243185" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-56476" }, { "db": "CNNVD", "id": "CNNVD-202208-2715" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-74", "trust": 1.0 }, { "problemtype": "others (CWE-Other) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-014933" }, { "db": "NVD", "id": "CVE-2022-36323" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu90767165/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-36323" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-223-07" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-710008.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.4032" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-36323/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-223-07" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/74.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-223-07" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-56476" }, { "db": "VULMON", "id": "CVE-2022-36323" }, { "db": "JVNDB", "id": "JVNDB-2022-014933" }, { "db": "CNNVD", "id": "CNNVD-202208-2715" }, { "db": "NVD", "id": "CVE-2022-36323" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-56476" }, { "db": "VULMON", "id": "CVE-2022-36323" }, { "db": "JVNDB", "id": "JVNDB-2022-014933" }, { "db": "CNNVD", "id": "CNNVD-202208-2715" }, { "db": "NVD", "id": "CVE-2022-36323" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-08-12T00:00:00", "db": "CNVD", "id": "CNVD-2022-56476" }, { "date": "2022-08-10T00:00:00", "db": "VULMON", "id": "CVE-2022-36323" }, { "date": "2023-09-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-014933" }, { "date": "2022-08-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202208-2715" }, { "date": "2022-08-10T12:15:12.863000", "db": "NVD", "id": "CVE-2022-36323" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-08-12T00:00:00", "db": "CNVD", "id": "CNVD-2022-56476" }, { "date": "2022-08-10T00:00:00", "db": "VULMON", "id": "CVE-2022-36323" }, { "date": "2023-09-22T08:25:00", "db": "JVNDB", "id": "JVNDB-2022-014933" }, { "date": "2023-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202208-2715" }, { "date": "2023-06-27T19:43:45.920000", "db": "NVD", "id": "CVE-2022-36323" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202208-2715" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vulnerabilities in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-014933" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202208-2715" } ], "trust": 0.6 } }
var-202002-0449
Vulnerability from variot
Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable version of the stack.
The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device. Several Siemens products contain resource exhaustion vulnerabilities.Service operation interruption (DoS) It may be put into a state. Both Siemens SCALANCE X-200IRT and SCALANCE XB-200 are products of the German company Siemens. SCALANCE X-200IRT is an industrial Ethernet switch. SCALANCE XB-200 is a managed industrial Ethernet switch. The vulnerability stems from the program's failure to limit the allocation of memory resources. A remote attacker can use the vulnerability by sending a specially crafted package to cause a denial of service. A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All Versions < V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All Versions < V4.6), PROFINET Driver for Controller (All Versions < V2.1), RUGGEDCOM RM1224 (All versions < V4.3), SCALANCE M-800 / S615 (All versions < V4.3), SCALANCE W700 IEEE 802.11n (All versions <= V6.0.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All Versions < V5.3), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG (All Versions < V3.0), SCALANCE XM-400 switch family (All Versions < V6.0), SCALANCE XR-500 switch family (All Versions < V6.0), SIMATIC CP 1616 and CP 1604 (All Versions < V2.8), SIMATIC CP 343-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 LEAN (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET200AL IM 157-1 PN (All versions), SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants) (All versions), SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All Versions < V4.2.0), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All Versions < V3.3.1), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants) (All Versions < V4.1.0), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro, IM 154-3 PN HF (All versions), SIMATIC ET200pro, IM 154-4 PN HF (All versions), SIMATIC IPC Support, Package for VxWorks (All versions), SIMATIC MV400 family (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All Versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions), SIMATIC RF600 family (All versions < V3), SINAMICS DCP (All Versions < V1.3), SOFTNET-IE PNIO (All versions)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0449", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "scalance xb-200", "scope": "lt", "trust": 1.6, "vendor": "siemens", "version": "3.0" }, { "model": "scalance xc-200", "scope": "lt", "trust": 1.6, "vendor": "siemens", "version": "3.0" }, { "model": "scalance xp-200", "scope": "lt", "trust": 1.6, "vendor": "siemens", "version": "3.0" }, { "model": "scalance xf-200ba", "scope": "lt", "trust": 1.6, "vendor": "siemens", "version": "3.0" }, { "model": "scalance xr-300wg", "scope": "lt", "trust": 1.6, "vendor": "siemens", "version": "3.0" }, { "model": "sinamics dcp", "scope": "lt", "trust": 1.6, "vendor": "siemens", "version": "1.3" }, { "model": "ruggedcom rm1224", "scope": "lt", "trust": 1.6, "vendor": "siemens", "version": "4.3" }, { "model": "simatic et200mp im155-5 pn hf", "scope": "lt", "trust": 1.6, "vendor": "siemens", "version": "4.2.0" }, { "model": "simatic et200mp im155-5 pn st", "scope": "lt", "trust": 1.6, "vendor": "siemens", "version": "4.1.0" }, { "model": "simatic et200sp im155-6 pn hf", "scope": "lt", "trust": 1.6, "vendor": "siemens", "version": "3.3.1" }, { "model": "simatic et200sp im155-6 pn st", "scope": "lt", "trust": 1.6, "vendor": "siemens", "version": "4.1.0" }, { "model": "simatic cp 443-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic et200pro", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "dk standard ethernet controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic et200m im153-4 pn io st", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xm-400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.0" }, { "model": "scalance xb-200", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr528", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.0" }, { "model": "simatic et200al im 157-1 pn", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance x-300", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance m-800", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "scalance x-200irt", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.3" }, { "model": "simatic cp 1616", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.8" }, { "model": "simatic mv440", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "profinet driver", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "scalance s615", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "ek-ertec 200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "simatic et200m im153-4 pn io hf", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic et200ecopn", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "im 154-4 pn hf", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "ek-ertec 200p", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.6" }, { "model": "simatic cp 1604", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.8" }, { "model": "scalance xc-200", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr526", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.0" }, { "model": "simatic cp 343-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic et200s", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic ipc support", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr524", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.0" }, { "model": "simatic mv420", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic rf182c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic pn\\/pn coupler", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 343-1 advanced", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic rf180c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp-200", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 443-1 advanced", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr552", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.0" }, { "model": "simatic cp 343-1 erpc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic rf600", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic cp 443-1 opc ua", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "im 154-3 pn hf", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance x-400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.0" }, { "model": "simatic cp 343-1 lean", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance w700 ieee 802.11n", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "6.0.1" }, { "model": "simatic et200sp im155-6 pn basic", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xf-200", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "dk standard ethernet controller", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "ek-ertec 200", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "ek-ertec 200p p", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "profinet driver", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "ruggedcom rm1224", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance m-800", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance s615", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance w700 ieee 802.11n", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance xc-200", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic ipc support", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp lean", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "343-1" }, { "model": "simatic cp advanced", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "343-1" }, { "model": "simatic rf182c", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic pn/pn coupler 6es7158-3ad01-0xa0", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1616\u003c2.8" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1604\u003c2.8" }, { "model": "simatic cp advanced", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1" }, { "model": "development/evaluation kits for profinet io dk standard ethernet controller", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "development/evaluation kits for profinet io ek-ertec", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "200\u003c4.5" }, { "model": "development/evaluation kits for profinet io ek-ertec 200p", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.6" }, { "model": "profinet driver for controller", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "2.1" }, { "model": "scalance m-800/s615", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "4.3" }, { "model": "scalance w700 ieee 802.11n", "scope": "lte", "trust": 0.6, "vendor": "siemens", "version": "\u003c=6.0.1" }, { "model": "scalance switch", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "x-200" }, { "model": "scalance x-200irt switch", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "5.3" }, { "model": "scalance switch", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "x-300" }, { "model": "scalance xm-400 switch", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "6.0" }, { "model": "scalance xr-500 switch", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "6.0" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "343-1" }, { "model": "simatic cp erpc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "343-1" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1" }, { "model": "simatic cp opc ua", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1" }, { "model": "simatic et200al im pn", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "157-1" }, { "model": "simatic et200m im153-4 pn io hf", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic et200m im153-4 pn io st", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic et200s", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic et200sp im155-6 pn basic", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic et200ecopn", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic ipc support,package for vxworks", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic et200pro,im pn hf", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "154-3" }, { "model": "simatic et200pro,im pn hf", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "154-4" }, { "model": "simatic mv400", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic rf180c", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic rf600", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "3" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "scalance xp 200", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "scalance xb 200", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "scalance xr 300wg", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "scalance xc 200", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "dk standard ethernet controller", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "profinet driver", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic ipc support", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x 200irt", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x 200irt pro", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x 300", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance xr 300", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ek ertec 200", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance xf 200ba", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x 400", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance xm 400", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance xr524", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance xr526", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance xr528", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance xr552", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1616", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1604", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ek ertec 200p", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 343 1", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 343 1 advanced", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 343 1 erpc", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 343 1 lean", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 443 1", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 443 1 advanced", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 443 1 opc ua", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et200al im 157 1 pn", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et200m im153 4 pn io hf", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et200m im153 4 pn io st", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ruggedcom rm1224", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et200mp im155 5 pn hf", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et200mp im155 5 pn st", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et200s", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et200sp im155 6 pn basic", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et200sp im155 6 pn hf", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et200sp im155 6 pn st", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et200ecopn", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et200pro", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "im 154 3 pn hf", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "im 154 4 pn hf", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance m 800", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic mv440", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic mv420", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic pn pn coupler", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic rf180c", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic rf182c", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic rf600", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics dcp", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance s615", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance w700 ieee 802 11n", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance xf 200", "version": "*" } ], "sources": [ { "db": "IVD", "id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9" }, { "db": "CNVD", "id": "CNVD-2020-23039" }, { "db": "JVNDB", "id": "JVNDB-2019-014603" }, { "db": "NVD", "id": "CVE-2019-13946" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:siemens:dk_standard_ethernet_controller_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:ek-ertec_200_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:ek-ertec_200p_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/a:siemens:profinet_driver", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:ruggedcom_rm1224_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:scalance_m-800_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:scalance_s615_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:scalance_w700_ieee_802.11n_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:scalance_xc-200_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/a:siemens:simatic_ipc_support", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014603" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Yuval Ardon and Matan Dobrushin of OTORIO reported this vulnerability to CISA and Siemens.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202002-455" } ], "trust": 0.6 }, "cve": "CVE-2019-13946", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2019-13946", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2019-014603", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2020-23039", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.9 [IVD]" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2019-13946", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2019-014603", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-13946", "trust": 1.0, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2019-13946", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2019-014603", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2020-23039", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202002-455", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9", "trust": 0.2, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2019-13946", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "IVD", "id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9" }, { "db": "CNVD", "id": "CNVD-2020-23039" }, { "db": "VULMON", "id": "CVE-2019-13946" }, { "db": "JVNDB", "id": "JVNDB-2019-014603" }, { "db": "CNNVD", "id": "CNNVD-202002-455" }, { "db": "NVD", "id": "CVE-2019-13946" }, { "db": "NVD", "id": "CVE-2019-13946" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Profinet-IO (PNIO) stack versions prior V06.00 do not properly limit\ninternal resource allocation when multiple legitimate diagnostic package\nrequests are sent to the DCE-RPC interface. \nThis could lead to a denial of service condition due to lack of memory\nfor devices that include a vulnerable version of the stack. \n\nThe security vulnerability could be exploited by an attacker with network\naccess to an affected device. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise the availability of the device. Several Siemens products contain resource exhaustion vulnerabilities.Service operation interruption (DoS) It may be put into a state. Both Siemens SCALANCE X-200IRT and SCALANCE XB-200 are products of the German company Siemens. SCALANCE X-200IRT is an industrial Ethernet switch. SCALANCE XB-200 is a managed industrial Ethernet switch. The vulnerability stems from the program\u0027s failure to limit the allocation of memory resources. A remote attacker can use the vulnerability by sending a specially crafted package to cause a denial of service. A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All Versions \u003c V4.5), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All Versions \u003c V4.6), PROFINET Driver for Controller (All Versions \u003c V2.1), RUGGEDCOM RM1224 (All versions \u003c V4.3), SCALANCE M-800 / S615 (All versions \u003c V4.3), SCALANCE W700 IEEE 802.11n (All versions \u003c= V6.0.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All Versions \u003c V5.3), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG (All Versions \u003c V3.0), SCALANCE XM-400 switch family (All Versions \u003c V6.0), SCALANCE XR-500 switch family (All Versions \u003c V6.0), SIMATIC CP 1616 and CP 1604 (All Versions \u003c V2.8), SIMATIC CP 343-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 LEAN (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET200AL IM 157-1 PN (All versions), SIMATIC ET200M IM153-4 PN IO HF (incl. SIPLUS variants) (All versions), SIMATIC ET200M IM153-4 PN IO ST (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All Versions \u003c V4.2.0), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants) (All Versions \u003c V4.1.0), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN Basic (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All Versions \u003c V3.3.1), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants) (All Versions \u003c V4.1.0), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro, IM 154-3 PN HF (All versions), SIMATIC ET200pro, IM 154-4 PN HF (All versions), SIMATIC IPC Support, Package for VxWorks (All versions), SIMATIC MV400 family (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All Versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions), SIMATIC RF600 family (All versions \u003c V3), SINAMICS DCP (All Versions \u003c V1.3), SOFTNET-IE PNIO (All versions)", "sources": [ { "db": "NVD", "id": "CVE-2019-13946" }, { "db": "JVNDB", "id": "JVNDB-2019-014603" }, { "db": "CNVD", "id": "CNVD-2020-23039" }, { "db": "IVD", "id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9" }, { "db": "VULMON", "id": "CVE-2019-13946" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-13946", "trust": 3.3 }, { "db": "SIEMENS", "id": "SSA-780073", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-20-042-04", "trust": 1.5 }, { "db": "ICS CERT", "id": "ICSA-20-042-05", "trust": 1.2 }, { "db": "CNVD", "id": "CNVD-2020-23039", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202002-455", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-014603", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-20-042-08", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-07", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-03", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-09", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-02", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-06", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-01", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-042-10", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0486", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0486.2", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.0486.3", "trust": 0.6 }, { "db": "IVD", "id": "1044E3A5-DC26-4D11-BF22-4B3EB64F5CC9", "trust": 0.2 }, { "db": "VULMON", "id": "CVE-2019-13946", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9" }, { "db": "CNVD", "id": "CNVD-2020-23039" }, { "db": "VULMON", "id": "CVE-2019-13946" }, { "db": "JVNDB", "id": "JVNDB-2019-014603" }, { "db": "CNNVD", "id": "CNNVD-202002-455" }, { "db": "NVD", "id": "CVE-2019-13946" } ] }, "id": "VAR-202002-0449", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9" }, { "db": "CNVD", "id": "CNVD-2020-23039" } ], "trust": 1.578657311794872 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS", "Network device" ], "sub_category": null, "trust": 0.6 }, { "category": [ "ICS" ], "sub_category": null, "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9" }, { "db": "CNVD", "id": "CNVD-2020-23039" } ] }, "last_update_date": "2024-11-23T21:20:13.631000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-780073", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf" }, { "title": "Patch for Multiple Siemens product resource management error vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/214023" }, { "title": "Multiple Siemens Product resource management error vulnerability fixes", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=108751" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=8b423421a5be04457be73209a34b15cb" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-23039" }, { "db": "VULMON", "id": "CVE-2019-13946" }, { "db": "JVNDB", "id": "JVNDB-2019-014603" }, { "db": "CNNVD", "id": "CNNVD-202002-455" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014603" }, { "db": "NVD", "id": "CVE-2019-13946" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.1, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-04" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13946" }, { "trust": 1.2, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-05" }, { "trust": 1.0, "url": "https://cert-portal.siemens.com/productcert/html/ssa-780073.html" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13946" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-10" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-09" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-08" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-07" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-06" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-03" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-02" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-01" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0486/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0486.2/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.0486.3/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-042-04" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/400.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-042-04" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2020-23039" }, { "db": "VULMON", "id": "CVE-2019-13946" }, { "db": "JVNDB", "id": "JVNDB-2019-014603" }, { "db": "CNNVD", "id": "CNNVD-202002-455" }, { "db": "NVD", "id": "CVE-2019-13946" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9" }, { "db": "CNVD", "id": "CNVD-2020-23039" }, { "db": "VULMON", "id": "CVE-2019-13946" }, { "db": "JVNDB", "id": "JVNDB-2019-014603" }, { "db": "CNNVD", "id": "CNNVD-202002-455" }, { "db": "NVD", "id": "CVE-2019-13946" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-11T00:00:00", "db": "IVD", "id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9" }, { "date": "2020-04-16T00:00:00", "db": "CNVD", "id": "CNVD-2020-23039" }, { "date": "2020-02-11T00:00:00", "db": "VULMON", "id": "CVE-2019-13946" }, { "date": "2020-03-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014603" }, { "date": "2020-02-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202002-455" }, { "date": "2020-02-11T16:15:15.023000", "db": "NVD", "id": "CVE-2019-13946" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-04-16T00:00:00", "db": "CNVD", "id": "CNVD-2020-23039" }, { "date": "2022-04-12T00:00:00", "db": "VULMON", "id": "CVE-2019-13946" }, { "date": "2020-03-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-014603" }, { "date": "2023-04-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202002-455" }, { "date": "2024-11-21T04:25:45.080000", "db": "NVD", "id": "CVE-2019-13946" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202002-455" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Resource exhaustion vulnerabilities in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-014603" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Resource management error", "sources": [ { "db": "IVD", "id": "1044e3a5-dc26-4d11-bf22-4b3eb64f5cc9" }, { "db": "CNNVD", "id": "CNNVD-202002-455" } ], "trust": 0.8 } }
var-202208-0610
Vulnerability from variot
Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack. SCALANCE M-800 firmware, SCALANCE S615 firmware, scalance w700 ieee 802.11ax Multiple Siemens products, including firmware, contain vulnerabilities related to limited or unthrottled resource allocation.Service operation interruption (DoS) It may be in a state. The SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants via mobile networks (e.g. GPRS or UMTS) and have integrated security functions for firewalls to prevent unauthorized access, as well as VPN to Secure data transmission. SCALANCE SC-600 devices (SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) are used to protect trusted industrial networks from untrusted network attacks. They allow filtering incoming and outgoing network connections in different ways. The SCALANCE W-1700 product is a wireless communication device based on the IEEE 802.11ac standard. SCALANCE W-700 products are wireless communication devices based on the IEEE 802.11ax standard. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLC) or human machine interfaces (HMI). A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE W-1700 IEEE 802.11ac family (All versions), SCALANCE W-700 IEEE 802.11ax family (All versions), SCALANCE W-700 IEEE 802.11n family (All versions), SCALANCE XB-200 switch family (All versions), SCALANCE XC-200 switch family (All versions), SCALANCE XF-200BA switch family (All versions), SCALANCE XM-400 Family (All versions), SCALANCE XP-200 switch family (All versions), SCALANCE XR-300WG switch family (All versions), SCALANCE XR-500 Family (All versions)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202208-0610", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "scalance xc206-2sfp g", "scope": null, "trust": 1.6, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xr552-12m 2hr2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc206-2g poe eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc224-4c g \\", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance w700 ieee 802.11ac", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc206-2sfp g \\", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xb216", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr524-8c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xb205-3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc224", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xb208", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr324-4m poe ts", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr324wg", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr524-8c l3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc206-2sfp g", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc216-4c g eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc216-4c g \\", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr528-6m l3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr324-12m ts", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc-200", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr324-4m poe", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr528-6m", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xf204-2ba irt", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xm400", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr-300eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc208", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr500", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc216", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp208 \\", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance w700 ieee 802.11n", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xb213-3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc216eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xm408-8c l3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp216", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp216poe eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr552-12m", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xm416-4c l3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc208g \\", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc224-4c g", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr552", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr-300", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc224-4c g eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr328-4c wg", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc206-2g poe", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc206-2sfp g eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp208poe eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr526-8c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc216-4c g", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xb-200", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xb205-3ld", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc206-2sfp eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp216 \\", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xf204-2ba dna", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xf-200ba", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr528-6m 2hr2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc208eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp208", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xm408-8c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr-300poe", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr552-12m 2hr2 l3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc208g poe", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance w700 ieee 802.11ax", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xb213-3ld", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc206-2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xm408-4c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xm408-4c l3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr326-2c poe wg", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr552-12", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp208eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr324-12m", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr524", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp-200", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance s615", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc208g eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr528-6m 2hr2 l3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp216eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr324-4m eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr528", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc208g", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc216-4c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance m-800", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xm416-4c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr526-8c l3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr526", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr-300wg", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xb205-3", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xc206-2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xb-200", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xb216", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance w700 ieee 802.11ax", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xc-200", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xc206-2sfp g eec", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance m-800", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xb213-3ld", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xb213-3", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xc206-2g poe eec", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance w700 ieee 802.11n", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance w700 ieee 802.11ac", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xb205-3ld", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance s615", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xc206-2sfp eec", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xb208", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xc206-2g poe", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance m-800 s615", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "/" }, { "model": "scalance w-700 ieee 802.11ax family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance w-700 ieee 802.11n family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance w-1700 ieee 802.11ac family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance xb-200 switch family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance xc-200 switch family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance xf-200ba switch family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance xm-400 family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance xp-200 switch family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance xr-300wg switch family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance xr-500 family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-56475" }, { "db": "JVNDB", "id": "JVNDB-2022-014932" }, { "db": "NVD", "id": "CVE-2022-36324" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens has reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202208-2714" } ], "trust": 0.6 }, "cve": "CVE-2022-36324", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2022-56475", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2022-36324", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2022-36324", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-36324", "trust": 1.0, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2022-36324", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2022-36324", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2022-56475", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202208-2714", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-56475" }, { "db": "JVNDB", "id": "JVNDB-2022-014932" }, { "db": "CNNVD", "id": "CNNVD-202208-2714" }, { "db": "NVD", "id": "CVE-2022-36324" }, { "db": "NVD", "id": "CVE-2022-36324" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack. SCALANCE M-800 firmware, SCALANCE S615 firmware, scalance w700 ieee 802.11ax Multiple Siemens products, including firmware, contain vulnerabilities related to limited or unthrottled resource allocation.Service operation interruption (DoS) It may be in a state. The SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants via mobile networks (e.g. GPRS or UMTS) and have integrated security functions for firewalls to prevent unauthorized access, as well as VPN to Secure data transmission. SCALANCE SC-600 devices (SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) are used to protect trusted industrial networks from untrusted network attacks. They allow filtering incoming and outgoing network connections in different ways. The SCALANCE W-1700 product is a wireless communication device based on the IEEE 802.11ac standard. SCALANCE W-700 products are wireless communication devices based on the IEEE 802.11ax standard. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLC) or human machine interfaces (HMI). A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE W-1700 IEEE 802.11ac family (All versions), SCALANCE W-700 IEEE 802.11ax family (All versions), SCALANCE W-700 IEEE 802.11n family (All versions), SCALANCE XB-200 switch family (All versions), SCALANCE XC-200 switch family (All versions), SCALANCE XF-200BA switch family (All versions), SCALANCE XM-400 Family (All versions), SCALANCE XP-200 switch family (All versions), SCALANCE XR-300WG switch family (All versions), SCALANCE XR-500 Family (All versions)", "sources": [ { "db": "NVD", "id": "CVE-2022-36324" }, { "db": "JVNDB", "id": "JVNDB-2022-014932" }, { "db": "CNVD", "id": "CNVD-2022-56475" }, { "db": "VULMON", "id": "CVE-2022-36324" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-36324", "trust": 3.9 }, { "db": "SIEMENS", "id": "SSA-710008", "trust": 3.1 }, { "db": "ICS CERT", "id": "ICSA-22-223-07", "trust": 1.5 }, { "db": "JVN", "id": "JVNVU90767165", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-014932", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-56475", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.4032", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202208-2714", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-36324", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-56475" }, { "db": "VULMON", "id": "CVE-2022-36324" }, { "db": "JVNDB", "id": "JVNDB-2022-014932" }, { "db": "CNNVD", "id": "CNNVD-202208-2714" }, { "db": "NVD", "id": "CVE-2022-36324" } ] }, "id": "VAR-202208-0610", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-56475" } ], "trust": 1.2363483332142855 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-56475" } ] }, "last_update_date": "2024-08-14T14:17:48.847000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Unknown Vulnerability in Siemens SCALANCE Products", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/343621" }, { "title": "Multiple Siemens SCALANCE Product security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=207453" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-56475" }, { "db": "CNNVD", "id": "CNNVD-202208-2714" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-770", "trust": 1.0 }, { "problemtype": "Allocation of resources without limits or throttling (CWE-770) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-014932" }, { "db": "NVD", "id": "CVE-2022-36324" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu90767165/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-36324" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-223-07" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-710008.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.4032" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-36324/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-223-07" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/770.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-223-07" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-56475" }, { "db": "VULMON", "id": "CVE-2022-36324" }, { "db": "JVNDB", "id": "JVNDB-2022-014932" }, { "db": "CNNVD", "id": "CNNVD-202208-2714" }, { "db": "NVD", "id": "CVE-2022-36324" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-56475" }, { "db": "VULMON", "id": "CVE-2022-36324" }, { "db": "JVNDB", "id": "JVNDB-2022-014932" }, { "db": "CNNVD", "id": "CNNVD-202208-2714" }, { "db": "NVD", "id": "CVE-2022-36324" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-08-12T00:00:00", "db": "CNVD", "id": "CNVD-2022-56475" }, { "date": "2022-08-10T00:00:00", "db": "VULMON", "id": "CVE-2022-36324" }, { "date": "2023-09-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-014932" }, { "date": "2022-08-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202208-2714" }, { "date": "2022-08-10T12:15:12.930000", "db": "NVD", "id": "CVE-2022-36324" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-08-12T00:00:00", "db": "CNVD", "id": "CNVD-2022-56475" }, { "date": "2022-08-10T00:00:00", "db": "VULMON", "id": "CVE-2022-36324" }, { "date": "2023-09-22T08:25:00", "db": "JVNDB", "id": "JVNDB-2022-014932" }, { "date": "2022-09-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202208-2714" }, { "date": "2023-02-23T16:19:42.137000", "db": "NVD", "id": "CVE-2022-36324" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202208-2714" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vulnerability in limiting or non-slotting resource allocation in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-014932" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202208-2714" } ], "trust": 0.6 } }
var-202103-0982
Vulnerability from variot
A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC-200 (All versions < V4.1), SCALANCE XF-200BA (All versions < V4.1), SCALANCE XM400 (All versions < V6.2), SCALANCE XP-200 (All versions < V4.1), SCALANCE XR-300WG (All versions < V4.1), SCALANCE XR500 (All versions < V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active. plural Siemens The product contains a vulnerability related to out-of-bounds writing.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. SCALANCE SC-600 devices (SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) are used to protect trusted industrial networks from attacks from untrusted networks. SCALANCE M-800/S615 industrial routers are used for secure remote access to the factory through mobilenetworks (such as GPRS or UMTS). It has an integrated security function of firewall to prevent unauthorized access, and VPN can protect data transmission. SCALANCE X switches are used to connect industrial components, such as programmable logic controllers (PLC) or human machine interfaces (HMI). RUGGEDCOM RM1224 is a 4G router for wireless IP communication from Ethernet-based devices via LTE (4G)-mobile radio.
Siemens SCALANCE and RuggedCmd devices have stack overflow vulnerabilities
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202103-0982", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "scalance m-800", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "4.3" }, { "model": "scalance s615", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "4.3" }, { "model": "scalance xm400", "scope": "lt", "trust": 1.6, "vendor": "siemens", "version": "6.2" }, { "model": "scalance xr500", "scope": "lt", "trust": 1.6, "vendor": "siemens", "version": "6.2" }, { "model": "ruggedcom rm1224", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "4.3" }, { "model": "scalance x300wg", "scope": "lt", "trust": 1.6, "vendor": "siemens", "version": "4.1" }, { "model": "scalance sc642-2c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1.3" }, { "model": "scalance sc622-2c", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "scalance sc636-2c", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "scalance xc-200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "scalance sc646-2c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1.3" }, { "model": "scalance sc642-2c", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "scalance sc632-2c", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "scalance sc642-2c", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "scalance sc632-2c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1.3" }, { "model": "scalance xf-200ba", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "scalance xp-200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "scalance sc646-2c", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "scalance sc636-2c", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "ruggedcom rm1224", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.4" }, { "model": "scalance m-800", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.4" }, { "model": "scalance xb-200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "scalance sc622-2c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1.3" }, { "model": "scalance sc646-2c", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "scalance sc632-2c", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "scalance sc622-2c", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "scalance s615", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.4" }, { "model": "scalance sc636-2c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1.3" }, { "model": "scalance sc-646-2c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance sc-622-2c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xm400", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance s615", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance m-800", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance sc-642-2c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "ruggedcom rm1224", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance sc-632-2c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xr500", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance sc-636-2c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance sc-600 family", "scope": "gte", "trust": 0.6, "vendor": "siemens", "version": "2.0,\u003c2.1.3" }, { "model": "scalance family", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "xx200\u003c4.1" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-16434" }, { "db": "JVNDB", "id": "JVNDB-2021-004470" }, { "db": "NVD", "id": "CVE-2021-25667" } ] }, "cve": "CVE-2021-25667", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.5, "id": "CVE-2021-25667", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 6.5, "id": "CNVD-2021-16434", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "ADJACENT", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2021-25667", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Adjacent Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-25667", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-25667", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-25667", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2021-16434", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202103-683", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2021-25667", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-16434" }, { "db": "VULMON", "id": "CVE-2021-25667" }, { "db": "JVNDB", "id": "JVNDB-2021-004470" }, { "db": "CNNVD", "id": "CNNVD-202103-683" }, { "db": "NVD", "id": "CVE-2021-25667" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in RUGGEDCOM RM1224 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE M-800 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE S615 (All versions \u003e= V4.3 and \u003c V6.4), SCALANCE SC-600 Family (All versions \u003e= V2.0 and \u003c V2.1.3), SCALANCE XB-200 (All versions \u003c V4.1), SCALANCE XC-200 (All versions \u003c V4.1), SCALANCE XF-200BA (All versions \u003c V4.1), SCALANCE XM400 (All versions \u003c V6.2), SCALANCE XP-200 (All versions \u003c V4.1), SCALANCE XR-300WG (All versions \u003c V4.1), SCALANCE XR500 (All versions \u003c V6.2). Affected devices contain a stack-based buffer overflow vulnerability in the handling of STP BPDU frames that could allow a remote attacker to trigger a denial-of-service condition or potentially remote code execution. Successful exploitation requires the passive listening feature of the device to be active. plural Siemens The product contains a vulnerability related to out-of-bounds writing.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. SCALANCE SC-600 devices (SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) are used to protect trusted industrial networks from attacks from untrusted networks. SCALANCE M-800/S615 industrial routers are used for secure remote access to the factory through mobilenetworks (such as GPRS or UMTS). It has an integrated security function of firewall to prevent unauthorized access, and VPN can protect data transmission. SCALANCE X switches are used to connect industrial components, such as programmable logic controllers (PLC) or human machine interfaces (HMI). RUGGEDCOM RM1224 is a 4G router for wireless IP communication from Ethernet-based devices via LTE (4G)-mobile radio. \n\r\n\r\nSiemens SCALANCE and RuggedCmd devices have stack overflow vulnerabilities", "sources": [ { "db": "NVD", "id": "CVE-2021-25667" }, { "db": "JVNDB", "id": "JVNDB-2021-004470" }, { "db": "CNVD", "id": "CNVD-2021-16434" }, { "db": "VULMON", "id": "CVE-2021-25667" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-25667", "trust": 3.1 }, { "db": "ICS CERT", "id": "ICSA-21-068-03", "trust": 2.5 }, { "db": "SIEMENS", "id": "SSA-979775", "trust": 2.3 }, { "db": "JVN", "id": "JVNVU93441670", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-004470", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2021-16434", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0846", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202103-683", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-25667", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-16434" }, { "db": "VULMON", "id": "CVE-2021-25667" }, { "db": "JVNDB", "id": "JVNDB-2021-004470" }, { "db": "CNNVD", "id": "CNNVD-202103-683" }, { "db": "NVD", "id": "CVE-2021-25667" } ] }, "id": "VAR-202103-0982", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-16434" } ], "trust": 1.1865065119999998 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-16434" } ] }, "last_update_date": "2024-11-23T21:12:41.416000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-979775", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf" }, { "title": "Siemens RUGGEDCOM RM1224 Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144543" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=02a3bef451a548084110a18d27dea153" }, { "title": "", "trust": 0.1, "url": "https://github.com/Live-Hack-CVE/CVE-2021-25667 " }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/namewreck-bugs-businesses/165385/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-25667" }, { "db": "JVNDB", "id": "JVNDB-2021-004470" }, { "db": "CNNVD", "id": "CNNVD-202103-683" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-121", "trust": 1.0 }, { "problemtype": "CWE-787", "trust": 1.0 }, { "problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-004470" }, { "db": "NVD", "id": "CVE-2021-25667" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-068-03" }, { "trust": 2.3, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979775.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25667" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93441670/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/siemens-ruggedcom-rm1224-buffer-overflow-via-stp-bpdu-frames-34782" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0846" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/121.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2021-25667" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://threatpost.com/namewreck-bugs-businesses/165385/" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-979775.txt" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-16434" }, { "db": "VULMON", "id": "CVE-2021-25667" }, { "db": "JVNDB", "id": "JVNDB-2021-004470" }, { "db": "CNNVD", "id": "CNNVD-202103-683" }, { "db": "NVD", "id": "CVE-2021-25667" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-16434" }, { "db": "VULMON", "id": "CVE-2021-25667" }, { "db": "JVNDB", "id": "JVNDB-2021-004470" }, { "db": "CNNVD", "id": "CNNVD-202103-683" }, { "db": "NVD", "id": "CVE-2021-25667" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-03-11T00:00:00", "db": "CNVD", "id": "CNVD-2021-16434" }, { "date": "2021-03-15T00:00:00", "db": "VULMON", "id": "CVE-2021-25667" }, { "date": "2021-11-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-004470" }, { "date": "2021-03-09T00:00:00", "db": "CNNVD", "id": "CNNVD-202103-683" }, { "date": "2021-03-15T17:15:21.690000", "db": "NVD", "id": "CVE-2021-25667" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-03-23T00:00:00", "db": "CNVD", "id": "CNVD-2021-16434" }, { "date": "2022-10-19T00:00:00", "db": "VULMON", "id": "CVE-2021-25667" }, { "date": "2021-11-22T09:03:00", "db": "JVNDB", "id": "JVNDB-2021-004470" }, { "date": "2021-04-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202103-683" }, { "date": "2024-11-21T05:55:15.360000", "db": "NVD", "id": "CVE-2021-25667" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202103-683" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural \u00a0Siemens\u00a0 Out-of-bounds write vulnerabilities in the product", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-004470" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202103-683" } ], "trust": 0.6 } }
var-202208-0612
Vulnerability from variot
Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS. SCALANCE M-800 firmware, SCALANCE S615 firmware, SCALANCE SC-600 Multiple Siemens products such as firmware have unspecified vulnerabilities.Information may be obtained and information may be tampered with. SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants via mobile networks (e.g. GPRS or UMTS) and have integrated security functions of firewalls to prevent unauthorized access, as well as VPNs to Secure data transmission. SCALANCE SC-600 devices (SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) are used to protect trusted industrial networks from untrusted network attacks. They allow filtering incoming and outgoing network connections in different ways. The SCALANCE W-1700 product is a wireless communication device based on the IEEE 802.11ac standard. SCALANCE W-700 products are wireless communication devices based on the IEEE 802.11ax standard. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLC) or human machine interfaces (HMI). A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE SC-600 family (All versions < V2.3.1), SCALANCE W-1700 IEEE 802.11ac family (All versions), SCALANCE W-700 IEEE 802.11ax family (All versions), SCALANCE W-700 IEEE 802.11n family (All versions), SCALANCE XB-200 switch family (All versions), SCALANCE XC-200 switch family (All versions), SCALANCE XF-200BA switch family (All versions), SCALANCE XM-400 Family (All versions), SCALANCE XP-200 switch family (All versions), SCALANCE XR-300WG switch family (All versions), SCALANCE XR-500 Family (All versions)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202208-0612", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "scalance xr552-12m 2hr2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc206-2g poe eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc224-4c g \\", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance w700 ieee 802.11ac", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc206-2sfp g \\", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xb216", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr524-8c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xb205-3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc224", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance sc-600", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3.1" }, { "model": "scalance xb208", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr324-4m poe ts", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr324wg", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr524-8c l3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc206-2sfp g", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc216-4c g eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc216-4c g \\", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr528-6m l3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance sc642-2c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3.1" }, { "model": "scalance sc632-2c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3.1" }, { "model": "scalance xr324-12m ts", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc-200", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr324-4m poe", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr528-6m", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xf204-2ba irt", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xm400", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr-300eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc208", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr500", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc216", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp208 \\", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance w700 ieee 802.11n", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xb213-3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc216eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xm408-8c l3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp216", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp216poe eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr552-12m", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xm416-4c l3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc208g \\", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc224-4c g", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr552", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr-300", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc224-4c g eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr328-4c wg", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc206-2g poe", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc206-2sfp g eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp208poe eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr526-8c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc216-4c g", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xb-200", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xb205-3ld", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance sc636-2c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3.1" }, { "model": "scalance xc206-2sfp eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp216 \\", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xf204-2ba dna", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xf-200ba", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr528-6m 2hr2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc208eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp208", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xm408-8c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr-300poe", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr552-12m 2hr2 l3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc208g poe", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance w700 ieee 802.11ax", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xb213-3ld", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc206-2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xm408-4c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xm408-4c l3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr326-2c poe wg", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr552-12", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp208eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr324-12m", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr524", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp-200", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance s615", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xc208g eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr528-6m 2hr2 l3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xp216eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr324-4m eec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr528", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance sc622-2c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3.1" }, { "model": "scalance xc208g", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance sc646-2c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3.1" }, { "model": "scalance xc216-4c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance m-800", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xm416-4c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr526-8c l3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr526", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance xr-300wg", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance sc-646-2c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xb205-3", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance sc-600", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xc206-2", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xb-200", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance w700 ieee 802.11ax", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xb216", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance sc-622-2c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xc-200", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance m-800", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xb213-3ld", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance sc-632-2c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xb213-3", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance sc-642-2c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance w700 ieee 802.11ac", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance w700 ieee 802.11n", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xb205-3ld", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance sc-636-2c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance s615", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance xb208", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "scalance m-800 s615", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "/" }, { "model": "scalance sc-600 family", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.3.1" }, { "model": "scalance w-700 ieee 802.11ax family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance w-700 ieee 802.11n family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance w-1700 ieee 802.11ac family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance xb-200 switch family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance xc-200 switch family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance xf-200ba switch family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance xm-400 family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance xp-200 switch family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance xr-300wg switch family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "scalance xr-500 family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-56474" }, { "db": "JVNDB", "id": "JVNDB-2022-014931" }, { "db": "NVD", "id": "CVE-2022-36325" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens has reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202208-2711" } ], "trust": 0.6 }, "cve": "CVE-2022-36325", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2022-56474", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 1.7, "id": "CVE-2022-36325", "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.9, "id": "CVE-2022-36325", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.8, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2022-36325", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "High", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2022-36325", "trust": 1.0, "value": "MEDIUM" }, { "author": "productcert@siemens.com", "id": "CVE-2022-36325", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2022-36325", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2022-56474", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202208-2711", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-56474" }, { "db": "JVNDB", "id": "JVNDB-2022-014931" }, { "db": "CNNVD", "id": "CNNVD-202208-2711" }, { "db": "NVD", "id": "CVE-2022-36325" }, { "db": "NVD", "id": "CVE-2022-36325" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS. SCALANCE M-800 firmware, SCALANCE S615 firmware, SCALANCE SC-600 Multiple Siemens products such as firmware have unspecified vulnerabilities.Information may be obtained and information may be tampered with. SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants via mobile networks (e.g. GPRS or UMTS) and have integrated security functions of firewalls to prevent unauthorized access, as well as VPNs to Secure data transmission. SCALANCE SC-600 devices (SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) are used to protect trusted industrial networks from untrusted network attacks. They allow filtering incoming and outgoing network connections in different ways. The SCALANCE W-1700 product is a wireless communication device based on the IEEE 802.11ac standard. SCALANCE W-700 products are wireless communication devices based on the IEEE 802.11ax standard. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLC) or human machine interfaces (HMI). A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE SC-600 family (All versions \u003c V2.3.1), SCALANCE W-1700 IEEE 802.11ac family (All versions), SCALANCE W-700 IEEE 802.11ax family (All versions), SCALANCE W-700 IEEE 802.11n family (All versions), SCALANCE XB-200 switch family (All versions), SCALANCE XC-200 switch family (All versions), SCALANCE XF-200BA switch family (All versions), SCALANCE XM-400 Family (All versions), SCALANCE XP-200 switch family (All versions), SCALANCE XR-300WG switch family (All versions), SCALANCE XR-500 Family (All versions)", "sources": [ { "db": "NVD", "id": "CVE-2022-36325" }, { "db": "JVNDB", "id": "JVNDB-2022-014931" }, { "db": "CNVD", "id": "CNVD-2022-56474" }, { "db": "VULMON", "id": "CVE-2022-36325" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-36325", "trust": 3.9 }, { "db": "SIEMENS", "id": "SSA-710008", "trust": 3.1 }, { "db": "ICS CERT", "id": "ICSA-22-223-07", "trust": 1.5 }, { "db": "JVN", "id": "JVNVU90767165", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-014931", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2022-56474", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.4032", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202208-2711", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-36325", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-56474" }, { "db": "VULMON", "id": "CVE-2022-36325" }, { "db": "JVNDB", "id": "JVNDB-2022-014931" }, { "db": "CNNVD", "id": "CNNVD-202208-2711" }, { "db": "NVD", "id": "CVE-2022-36325" } ] }, "id": "VAR-202208-0612", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-56474" } ], "trust": 1.2477712656666666 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-56474" } ] }, "last_update_date": "2024-08-14T14:17:48.938000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Unknown Vulnerability in Siemens SCALANCE Products (CNVD-2022-56474)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/343626" }, { "title": "Siemens SCALANCE Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=243184" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-56474" }, { "db": "CNNVD", "id": "CNNVD-202208-2711" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-80", "trust": 1.0 }, { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "others (CWE-Other) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-014931" }, { "db": "NVD", "id": "CVE-2022-36325" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-710008.pdf" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu90767165/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-36325" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-223-07" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-710008.html" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-36325/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.4032" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-223-07" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/80.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-223-07" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-56474" }, { "db": "VULMON", "id": "CVE-2022-36325" }, { "db": "JVNDB", "id": "JVNDB-2022-014931" }, { "db": "CNNVD", "id": "CNNVD-202208-2711" }, { "db": "NVD", "id": "CVE-2022-36325" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-56474" }, { "db": "VULMON", "id": "CVE-2022-36325" }, { "db": "JVNDB", "id": "JVNDB-2022-014931" }, { "db": "CNNVD", "id": "CNNVD-202208-2711" }, { "db": "NVD", "id": "CVE-2022-36325" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-08-12T00:00:00", "db": "CNVD", "id": "CNVD-2022-56474" }, { "date": "2022-08-10T00:00:00", "db": "VULMON", "id": "CVE-2022-36325" }, { "date": "2023-09-22T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-014931" }, { "date": "2022-08-10T00:00:00", "db": "CNNVD", "id": "CNNVD-202208-2711" }, { "date": "2022-08-10T12:15:12.997000", "db": "NVD", "id": "CVE-2022-36325" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-08-12T00:00:00", "db": "CNVD", "id": "CNVD-2022-56474" }, { "date": "2022-08-10T00:00:00", "db": "VULMON", "id": "CVE-2022-36325" }, { "date": "2023-09-22T08:25:00", "db": "JVNDB", "id": "JVNDB-2022-014931" }, { "date": "2023-06-28T00:00:00", "db": "CNNVD", "id": "CNNVD-202208-2711" }, { "date": "2023-06-27T19:51:47.307000", "db": "NVD", "id": "CVE-2022-36325" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202208-2711" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vulnerabilities in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-014931" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202208-2711" } ], "trust": 0.6 } }
var-202103-1464
Vulnerability from variot
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. Summary:
Openshift Serverless 1.10.2 is now available. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform version 4.5. Solution:
See the documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.5/html/serverless_applications/index
Bug Fix(es):
-
WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)
-
LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952917)
-
Telemetry info not completely available to identify windows nodes (BZ#1955319)
-
WMCO incorrectly shows node as ready after a failed configuration (BZ#1956412)
-
kube-proxy service terminated unexpectedly after recreated LB service (BZ#1963263)
-
Solution:
For Windows Machine Config Operator upgrades, see the following documentation:
https://docs.openshift.com/container-platform/4.7/windows_containers/window s-node-upgrades.html
- Bugs fixed (https://bugzilla.redhat.com/):
1945248 - WMCO patch pub-key-hash annotation to Linux node 1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM 1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath 1955319 - Telemetry info not completely available to identify windows nodes 1956412 - WMCO incorrectly shows node as ready after a failed configuration 1963263 - kube-proxy service terminated unexpectedly after recreated LB service
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.0.10 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
Bug fix:
-
RHACM 2.0.10 images (BZ #1940452)
-
Bugs fixed (https://bugzilla.redhat.com/):
1940452 - RHACM 2.0.10 images 1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function
- ========================================================================== Ubuntu Security Notice USN-4891-1 March 25, 2021
openssl vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
OpenSSL could be made to crash or run programs if it received specially crafted network traffic. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: libssl1.1 1.1.1f-1ubuntu4.3
Ubuntu 20.04 LTS: libssl1.1 1.1.1f-1ubuntu2.3
Ubuntu 18.04 LTS: libssl1.1 1.1.1-1ubuntu2.1~18.04.9
After a standard system update you need to reboot your computer to make all the necessary changes. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. Package List:
Red Hat Enterprise Linux BaseOS (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 security update Advisory ID: RHSA-2021:1200-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2021:1200 Issue date: 2021-04-14 CVE Names: CVE-2021-3449 CVE-2021-3450 ==================================================================== 1. Summary:
Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 zip release for RHEL 7, RHEL 8 and Microsoft Windows is available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 6 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security fix(es):
-
openssl: NULL pointer deref in signature_algorithms processing (CVE-2021-3449)
-
openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
- Bugs fixed (https://bugzilla.redhat.com/):
1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT 1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing
- References:
https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp&downloadType=securityPatches&version=2.4.37
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYHcRztzjgjWX9erEAQi2UA//ZnBZbF6yu43LNZh8SpIsZt25+kmRXpPO 24bitxkguIp8Mbf6aysizioKh10TgUzJAZL/xwzVGaf1YTtGXEiiQZvl+qetQhal CYcQUX9iRTbN3LL5sT0es8qIc9pXnVSh9YCRaa2i3l9KWlPWA2U0R4OfrAmGIjUe VG3tJ92HhtdeEx0VOHC+X6e7bDMoGQboT7cDJsP/xn8abWrBn9pQYfh7Ej/4qwMK 8sm6M7KcMcl2Sxjv0PB5obmZWBILWiTwHrJu6M3D6HBMJ4IdA0+DrDjf5U3NW6xp uYmmkKkw18juBkRyLBFG0Xnm8JUh9t50zRL5XbI5rcv8w+puqcuLuNWD83L+fIFE Z7eDdVaf0TYljefjbiZP/An2vjiOJ6Tm7nO79lrCI/g7Oax+/oK0/ClDpLuwVKtB hz7f5VrK2+q+qDRvXk65Ala9kMHvhkr7s2/64/UMcvqpnTSkzypFORSdj+UBevUb a+2ClrFEeokOXZxvZGQQxvu6do8roy2vrpLgNmxaDf65JZk5R4NlC3J4SbEjwBTT Wg4bnZRXHi+T8OL3fmPTnNsEMOAdH3kwUfgzIbj9o6wFzoZiKYRUk9qQv8jb1G9K x0qnCqtrwqzBBUs+ntXfTguTOba7JYx7aWH6ieBOIb5tapLJw7xOlVWbE1d29BCy CkeZnyNSON8=u60F -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202103-1464", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "graalvm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.3.1.2" }, { "model": "mysql workbench", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.23" }, { "model": "simatic cloud connect 7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "cloud volumes ontap mediator", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "simatic net cp 1543sp-1", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "simatic pdm", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "9.1.0.7" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.12.1" }, { "model": "essbase", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.2" }, { "model": "sma100", "scope": "gte", "trust": 1.0, "vendor": "sonicwall", "version": "10.2.0.0" }, { "model": "multi-domain management", "scope": "eq", "trust": 1.0, "vendor": "checkpoint", "version": "r80.40" }, { "model": "scalance s627-2m", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "scalance xp-200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "simatic process historian opc ua server", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2019" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "10.0.0" }, { "model": "simatic cp 1242-7 gprs v2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "jd edwards world security", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "a9.4" }, { "model": "scalance xr524-8c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.4" }, { "model": "tenable.sc", "scope": "gte", "trust": 1.0, "vendor": "tenable", "version": "5.13.0" }, { "model": "simatic rf188ci", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic net cp 1243-1", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "simatic rf185c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "snapcenter", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.13.0" }, { "model": "mysql connectors", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.23" }, { "model": "simatic net cp 1543-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "tim 1531 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "secure global desktop", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.6" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "10.24.0" }, { "model": "mysql server", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "5.7.33" }, { "model": "scalance xr-300wg", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "sma100", "scope": "lt", "trust": 1.0, "vendor": "sonicwall", "version": "10.2.1.0-17sv" }, { "model": "simatic s7-1200 cpu 1217c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinamics connect 300", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "12.12.0" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.11.1" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.58" }, { "model": "scalance xm-400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.4" }, { "model": "simatic net cp1243-7 lte eu", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "quantum security gateway", "scope": "eq", "trust": 1.0, "vendor": "checkpoint", "version": "r81" }, { "model": "communications communications policy management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.0.0.0" }, { "model": "simatic rf360r", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "simatic hmi comfort outdoor panels", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-1200 cpu 1214c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance s615", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "6.2" }, { "model": "mysql server", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.15" }, { "model": "simatic mv500", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-1200 cpu 1212fc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinec pni", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "scalance xf-200ba", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.12.0" }, { "model": "simatic rf188c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic wincc runtime advanced", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "zfs storage appliance kit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.8" }, { "model": "simatic s7-1200 cpu 1211c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nessus", "scope": "lte", "trust": 1.0, "vendor": "tenable", "version": "8.13.1" }, { "model": "enterprise manager for storage management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "multi-domain management", "scope": "eq", "trust": 1.0, "vendor": "checkpoint", "version": "r81" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.59" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "simatic hmi basic panels 2nd generation", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "scalance w700", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "6.5" }, { "model": "e-series performance analyzer", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "scalance xr552-12", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.4" }, { "model": "simatic net cp1243-7 lte us", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "12.0.0" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.1.1" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": "graalvm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.3.5" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "14.14.0" }, { "model": "tenable.sc", "scope": "lte", "trust": 1.0, "vendor": "tenable", "version": "5.17.0" }, { "model": "web gateway cloud service", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "10.1.1" }, { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "1.1.1k" }, { "model": "simatic rf166c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "scalance xc-200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "simatic s7-1200 cpu 1215c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "quantum security management", "scope": "eq", "trust": 1.0, "vendor": "checkpoint", "version": "r80.40" }, { "model": "scalance xr526-8c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.4" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "15.14.0" }, { "model": "simatic s7-1500 cpu 1518-4 pn\\/dp mfp", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "web gateway cloud service", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "9.2.10" }, { "model": "tim 1531 irc", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "sinec infrastructure network services", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0.1.1" }, { "model": "graalvm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.0.2" }, { "model": "secure backup", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "18.1.0.1.0" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.11.0" }, { "model": "storagegrid", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.57" }, { "model": "scalance sc-600", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "simatic pcs 7 telecontrol", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-1200 cpu 1215 fc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "12.22.1" }, { "model": "simatic rf186ci", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "web gateway", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "10.1.1" }, { "model": "simatic net cp 1542sp-1 irc", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "capture client", "scope": "eq", "trust": 1.0, "vendor": "sonicwall", "version": "3.5" }, { "model": "simatic logon", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "1.6.0.2" }, { "model": "simatic wincc telecontrol", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "active iq unified manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "sonicos", "scope": "eq", "trust": 1.0, "vendor": "sonicwall", "version": "7.0.1.0" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.6.0" }, { "model": "oncommand insight", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "simatic pcs neo", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance s623", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "scalance lpe9403", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-1200 cpu 1214 fc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "10.13.0" }, { "model": "log correlation engine", "scope": "lt", "trust": 1.0, "vendor": "tenable", "version": "6.0.9" }, { "model": "scalance m-800", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "6.2" }, { "model": "simatic rf186c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "web gateway cloud service", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "8.2.19" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "14.0.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.12" }, { "model": "web gateway", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "9.2.10" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "14.16.1" }, { "model": "simatic hmi ktp mobile panels", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinema server", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "scalance s612", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "simatic s7-1200 cpu 1212c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "santricity smi-s provider", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "quantum security management", "scope": "eq", "trust": 1.0, "vendor": "checkpoint", "version": "r81" }, { "model": "scalance xr528-6m", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.4" }, { "model": "tia administrator", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinec nms", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.0" }, { "model": "simatic logon", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.5" }, { "model": "freebsd", "scope": "eq", "trust": 1.0, "vendor": "freebsd", "version": "12.2" }, { "model": "sinumerik opc ua server", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "mysql server", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.23" }, { "model": "ontap select deploy administration utility", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "scalance xb-200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "scalance s602", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "ruggedcom rcm1224", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "6.2" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "10.12.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "12.13.0" }, { "model": "simatic cp 1242-7 gprs v2", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "web gateway", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "8.2.19" }, { "model": "quantum security gateway", "scope": "eq", "trust": 1.0, "vendor": "checkpoint", "version": "r80.40" }, { "model": "simatic net cp 1545-1", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "1.0" }, { "model": "simatic cloud connect 7", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "1.1" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "15.0.0" }, { "model": "simatic net cp 1243-8 irc", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "scalance w1700", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "14.15.0" }, { "model": "simatic net cp 1543-1", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "hitachi ops center analyzer viewpoint", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "storagegrid", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "ontap select deploy administration utility", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "quantum security gateway", "scope": null, "trust": 0.8, "vendor": "\u30c1\u30a7\u30c3\u30af \u30dd\u30a4\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30ba", "version": null }, { "model": "tenable.sc", "scope": null, "trust": 0.8, "vendor": "tenable", "version": null }, { "model": "nessus", "scope": null, "trust": 0.8, "vendor": "tenable", "version": null }, { "model": "oncommand workflow automation", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "freebsd", "scope": null, "trust": 0.8, "vendor": "freebsd", "version": null }, { "model": "hitachi ops center common services", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "santricity smi-s provider", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "mcafee web gateway \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2", "scope": null, "trust": 0.8, "vendor": "\u30de\u30ab\u30d5\u30a3\u30fc", "version": null }, { "model": "e-series performance analyzer", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "fedora", "scope": null, "trust": 0.8, "vendor": "fedora", "version": null }, { "model": "jp1/file transmission server/ftp", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "quantum security management", "scope": null, "trust": 0.8, "vendor": "\u30c1\u30a7\u30c3\u30af \u30dd\u30a4\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30ba", "version": null }, { "model": "openssl", "scope": null, "trust": 0.8, "vendor": "openssl", "version": null }, { "model": "cloud volumes ontap \u30e1\u30c7\u30a3\u30a8\u30fc\u30bf", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "jp1/base", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "web gateway cloud service", "scope": null, "trust": 0.8, "vendor": "\u30de\u30ab\u30d5\u30a3\u30fc", "version": null }, { "model": "multi-domain management", "scope": null, "trust": 0.8, "vendor": "\u30c1\u30a7\u30c3\u30af \u30dd\u30a4\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30ba", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "NVD", "id": "CVE-2021-3449" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163257" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "162076" }, { "db": "PACKETSTORM", "id": "162013" }, { "db": "PACKETSTORM", "id": "162200" }, { "db": "PACKETSTORM", "id": "162197" }, { "db": "PACKETSTORM", "id": "162189" } ], "trust": 0.8 }, "cve": "CVE-2021-3449", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2021-3449", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-388130", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.2, "id": "CVE-2021-3449", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 5.9, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-3449", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-3449", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2021-3449", "trust": 0.8, "value": "Medium" }, { "author": "VULHUB", "id": "VHN-388130", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-388130" }, { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "NVD", "id": "CVE-2021-3449" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. Summary:\n\nOpenshift Serverless 1.10.2 is now available. This version of the OpenShift Serverless\nOperator is supported on Red Hat OpenShift Container Platform version 4.5. Solution:\n\nSee the documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/\n4.5/html/serverless_applications/index\n\n4. \n\nBug Fix(es):\n\n* WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)\n\n* LoadBalancer Service type with invalid external loadbalancer IP breaks\nthe datapath (BZ#1952917)\n\n* Telemetry info not completely available to identify windows nodes\n(BZ#1955319)\n\n* WMCO incorrectly shows node as ready after a failed configuration\n(BZ#1956412)\n\n* kube-proxy service terminated unexpectedly after recreated LB service\n(BZ#1963263)\n\n3. Solution:\n\nFor Windows Machine Config Operator upgrades, see the following\ndocumentation:\n\nhttps://docs.openshift.com/container-platform/4.7/windows_containers/window\ns-node-upgrades.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1945248 - WMCO patch pub-key-hash annotation to Linux node\n1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don\u0027t create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM\n1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath\n1955319 - Telemetry info not completely available to identify windows nodes\n1956412 - WMCO incorrectly shows node as ready after a failed configuration\n1963263 - kube-proxy service terminated unexpectedly after recreated LB service\n\n5. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.0.10 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nBug fix:\n\n* RHACM 2.0.10 images (BZ #1940452)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1940452 - RHACM 2.0.10 images\n1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function\n\n5. ==========================================================================\nUbuntu Security Notice USN-4891-1\nMarch 25, 2021\n\nopenssl vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nOpenSSL could be made to crash or run programs if it received specially\ncrafted network traffic. A remote attacker could use this issue to cause\nOpenSSL to crash, resulting in a denial of service, or possibly execute\narbitrary code. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n libssl1.1 1.1.1f-1ubuntu4.3\n\nUbuntu 20.04 LTS:\n libssl1.1 1.1.1f-1ubuntu2.3\n\nUbuntu 18.04 LTS:\n libssl1.1 1.1.1-1ubuntu2.1~18.04.9\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 security update\nAdvisory ID: RHSA-2021:1200-01\nProduct: Red Hat JBoss Core Services\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1200\nIssue date: 2021-04-14\nCVE Names: CVE-2021-3449 CVE-2021-3450\n====================================================================\n1. Summary:\n\nRed Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 zip\nrelease for RHEL 7, RHEL 8 and Microsoft Windows is available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat\nJBoss middleware products. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages\nthat are part of the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.37 Service Pack 6 and includes bug fixes and\nenhancements. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity fix(es):\n\n* openssl: NULL pointer deref in signature_algorithms processing\n(CVE-2021-3449)\n\n* openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n(CVE-2021-3450)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-3450\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp\u0026downloadType=securityPatches\u0026version=2.4.37\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYHcRztzjgjWX9erEAQi2UA//ZnBZbF6yu43LNZh8SpIsZt25+kmRXpPO\n24bitxkguIp8Mbf6aysizioKh10TgUzJAZL/xwzVGaf1YTtGXEiiQZvl+qetQhal\nCYcQUX9iRTbN3LL5sT0es8qIc9pXnVSh9YCRaa2i3l9KWlPWA2U0R4OfrAmGIjUe\nVG3tJ92HhtdeEx0VOHC+X6e7bDMoGQboT7cDJsP/xn8abWrBn9pQYfh7Ej/4qwMK\n8sm6M7KcMcl2Sxjv0PB5obmZWBILWiTwHrJu6M3D6HBMJ4IdA0+DrDjf5U3NW6xp\nuYmmkKkw18juBkRyLBFG0Xnm8JUh9t50zRL5XbI5rcv8w+puqcuLuNWD83L+fIFE\nZ7eDdVaf0TYljefjbiZP/An2vjiOJ6Tm7nO79lrCI/g7Oax+/oK0/ClDpLuwVKtB\nhz7f5VrK2+q+qDRvXk65Ala9kMHvhkr7s2/64/UMcvqpnTSkzypFORSdj+UBevUb\na+2ClrFEeokOXZxvZGQQxvu6do8roy2vrpLgNmxaDf65JZk5R4NlC3J4SbEjwBTT\nWg4bnZRXHi+T8OL3fmPTnNsEMOAdH3kwUfgzIbj9o6wFzoZiKYRUk9qQv8jb1G9K\nx0qnCqtrwqzBBUs+ntXfTguTOba7JYx7aWH6ieBOIb5tapLJw7xOlVWbE1d29BCy\nCkeZnyNSON8=u60F\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied", "sources": [ { "db": "NVD", "id": "CVE-2021-3449" }, { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "VULHUB", "id": "VHN-388130" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163257" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "162076" }, { "db": "PACKETSTORM", "id": "161984" }, { "db": "PACKETSTORM", "id": "162013" }, { "db": "PACKETSTORM", "id": "162200" }, { "db": "PACKETSTORM", "id": "162197" }, { "db": "PACKETSTORM", "id": "162189" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-3449", "trust": 2.8 }, { "db": "TENABLE", "id": "TNS-2021-06", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2021-09", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2021-05", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2021-10", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/28/3", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/27/2", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/28/4", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/27/1", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-772220", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-389290", "trust": 1.1 }, { "db": "PULSESECURE", "id": "SA44845", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10356", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU92126369", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-001383", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162197", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162076", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "163257", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162013", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162383", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162189", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "161984", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162200", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162114", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162350", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162041", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162183", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162699", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162337", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162151", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162196", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162172", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162201", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162307", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-99170", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-388130", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162694", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-388130" }, { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163257" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "162076" }, { "db": "PACKETSTORM", "id": "161984" }, { "db": "PACKETSTORM", "id": "162013" }, { "db": "PACKETSTORM", "id": "162200" }, { "db": "PACKETSTORM", "id": "162197" }, { "db": "PACKETSTORM", "id": "162189" }, { "db": "NVD", "id": "CVE-2021-3449" } ] }, "id": "VAR-202103-1464", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-388130" } ], "trust": 0.6742040990624999 }, "last_update_date": "2024-11-29T22:12:22.747000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "hitachi-sec-2021-119 Software product security information", "trust": 0.8, "url": "https://www.debian.org/security/2021/dsa-4875" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001383" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-476", "trust": 1.1 }, { "problemtype": "NULL Pointer dereference (CWE-476) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-388130" }, { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "NVD", "id": "CVE-2021-3449" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449" }, { "trust": 1.1, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-openssl-2021-ghy28djd" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf" }, { "trust": 1.1, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44845" }, { "trust": 1.1, "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0013" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20210326-0006/" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20210513-0002/" }, { "trust": 1.1, "url": "https://www.openssl.org/news/secadv/20210325.txt" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2021-05" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2021-06" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2021-09" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2021-10" }, { "trust": 1.1, "url": "https://www.debian.org/security/2021/dsa-4875" }, { "trust": 1.1, "url": "https://security.gentoo.org/glsa/202103-03" }, { "trust": 1.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-21:07.openssl.asc" }, { "trust": 1.1, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.1, "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4" }, { "trust": 1.0, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=fb9fa6b51defd48157eeb207f52181f735d96148" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/" }, { "trust": 1.0, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10356" }, { "trust": 1.0, "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu92126369/" }, { "trust": 0.8, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.8, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2021-3449" }, { "trust": 0.8, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2021-3450" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3450" }, { "trust": 0.5, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-20305" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305" }, { "trust": 0.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148" }, { "trust": 0.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10356" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20454" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20916" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19221" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20907" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13631" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14422" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7595" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13632" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8492" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16168" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9327" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13630" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20387" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.5/html/serverless_applications/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5018" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20218" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000858" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3115" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13050" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14889" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1730" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9327" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16935" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19906" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13627" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19221" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-6405" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20388" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3114" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20843" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2021" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13631" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20387" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8492" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5018" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19956" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13632" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-15903" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13630" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1730" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6405" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20218" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7595" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16168" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20916" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-25013" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25736" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29361" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2130" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-2708" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8286" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28196" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15358" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8927" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-14502" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/windows_containers/window" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8285" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9169" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13434" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3326" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-25736" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-10228" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24977" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3842" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13776" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3326" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27219" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8284" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24977" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27618" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23358" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27363" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3347" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28374" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23358" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27364" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26708" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27365" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0466" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27152" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27363" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27152" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3347" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27365" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-0466" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27364" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1448" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28374" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-26708" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1063" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.9" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu4.3" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-4891-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.3" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1024" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1203" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1200" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.37" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1195" } ], "sources": [ { "db": "VULHUB", "id": "VHN-388130" }, { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163257" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "162076" }, { "db": "PACKETSTORM", "id": "161984" }, { "db": "PACKETSTORM", "id": "162013" }, { "db": "PACKETSTORM", "id": "162200" }, { "db": "PACKETSTORM", "id": "162197" }, { "db": "PACKETSTORM", "id": "162189" }, { "db": "NVD", "id": "CVE-2021-3449" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-388130" }, { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163257" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "162076" }, { "db": "PACKETSTORM", "id": "161984" }, { "db": "PACKETSTORM", "id": "162013" }, { "db": "PACKETSTORM", "id": "162200" }, { "db": "PACKETSTORM", "id": "162197" }, { "db": "PACKETSTORM", "id": "162189" }, { "db": "NVD", "id": "CVE-2021-3449" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-03-25T00:00:00", "db": "VULHUB", "id": "VHN-388130" }, { "date": "2021-05-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "date": "2021-05-19T14:19:18", "db": "PACKETSTORM", "id": "162694" }, { "date": "2021-06-23T15:44:15", "db": "PACKETSTORM", "id": "163257" }, { "date": "2021-04-29T14:37:49", "db": "PACKETSTORM", "id": "162383" }, { "date": "2021-04-05T15:16:03", "db": "PACKETSTORM", "id": "162076" }, { "date": "2021-03-26T14:15:18", "db": "PACKETSTORM", "id": "161984" }, { "date": "2021-03-30T14:07:13", "db": "PACKETSTORM", "id": "162013" }, { "date": "2021-04-15T13:50:30", "db": "PACKETSTORM", "id": "162200" }, { "date": "2021-04-15T13:50:04", "db": "PACKETSTORM", "id": "162197" }, { "date": "2021-04-14T16:50:04", "db": "PACKETSTORM", "id": "162189" }, { "date": "2021-03-25T15:15:13.450000", "db": "NVD", "id": "CVE-2021-3449" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-08-29T00:00:00", "db": "VULHUB", "id": "VHN-388130" }, { "date": "2021-09-13T07:43:00", "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "date": "2024-11-21T06:21:33.050000", "db": "NVD", "id": "CVE-2021-3449" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "161984" } ], "trust": 0.1 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001383" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code execution", "sources": [ { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "162383" } ], "trust": 0.2 } }