All the vulnerabilites related to Siemens - SIMATIC RF186C
var-202409-0243
Vulnerability from variot
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected applications contain configuration files which can be modified. An attacker with privilege access can modify these files and enable features that are not released for this device. SIMATIC RF360R firmware, simatic rf1170r firmware, simatic rf1140r Multiple Siemens products such as firmware have unspecified vulnerabilities.Information is tampered with and service operation is interrupted (DoS) It may be in a state. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. The SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202409-0243", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic rf166c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic reader rf650r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf685r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf685r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf680r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf650r arib", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic rf1170r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1" }, { "model": "simatic reader rf615r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic rf188ci", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic rf1140r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1" }, { "model": "simatic rf188c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic rf186ci", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic rf186c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic rf185c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic reader rf680r arib", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf650r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf610r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf650r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic rf360r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic reader rf615r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf610r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf680r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf685r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf615r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf680r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf610r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf685r arib", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf650r cmiit", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf360r", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf685r cmiit", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf680r cmiit", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf615r cmiit", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf615r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf610r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf610r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf685r arib", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf685r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf680r arib", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf1170r", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf650r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf615r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf650r arib", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf680r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf680r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf685r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf1140r", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf650r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf166c", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf185c", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf186c", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf186ci", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf188c", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf188ci", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic reader rf610r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf610r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf610r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf615r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf615r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf615r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf650r arib", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf650r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf650r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf650r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf680r arib", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf680r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf680r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf680r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf685r arib", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf685r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf685r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf685r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic rf1140r", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v1.1" }, { "model": "simatic rf1170r", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v1.1" }, { "model": "simatic rf360r", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38011" }, { "db": "JVNDB", "id": "JVNDB-2024-008600" }, { "db": "NVD", "id": "CVE-2024-37990" } ] }, "cve": "CVE-2024-37990", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 7.7, "confidentialityImpact": "NONE", "exploitabilityScore": 6.4, "id": "CNVD-2024-38011", "impactScore": 9.2, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:M/C:N/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.2, "id": "CVE-2024-37990", "impactScore": 5.2, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2024-37990", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2024-37990", "trust": 1.0, "value": "MEDIUM" }, { "author": "productcert@siemens.com", "id": "CVE-2024-37990", "trust": 1.0, "value": "High" }, { "author": "NVD", "id": "CVE-2024-37990", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2024-38011", "trust": 0.6, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38011" }, { "db": "JVNDB", "id": "JVNDB-2024-008600" }, { "db": "NVD", "id": "CVE-2024-37990" }, { "db": "NVD", "id": "CVE-2024-37990" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions \u003c V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions \u003c V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions \u003c V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions \u003c V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions \u003c V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions \u003c V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions \u003c V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions \u003c V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions \u003c V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions \u003c V2.2). The affected applications contain configuration files which can be modified. An attacker with privilege access can modify these files and enable features that are not released for this device. SIMATIC RF360R firmware, simatic rf1170r firmware, simatic rf1140r Multiple Siemens products such as firmware have unspecified vulnerabilities.Information is tampered with and service operation is interrupted (DoS) It may be in a state. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. The SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface", "sources": [ { "db": "NVD", "id": "CVE-2024-37990" }, { "db": "JVNDB", "id": "JVNDB-2024-008600" }, { "db": "CNVD", "id": "CNVD-2024-38011" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2024-37990", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-765405", "trust": 2.4 }, { "db": "JVN", "id": "JVNVU90825867", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-24-256-07", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2024-008600", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2024-38011", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38011" }, { "db": "JVNDB", "id": "JVNDB-2024-008600" }, { "db": "NVD", "id": "CVE-2024-37990" } ] }, "id": "VAR-202409-0243", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2024-38011" } ], "trust": 1.11666665 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38011" } ] }, "last_update_date": "2024-09-21T20:02:08.927000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens SIMATIC RFID Readers Hidden Function Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/590346" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38011" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-912", "trust": 1.0 }, { "problemtype": "Unpublished features (CWE-912) [ others ]", "trust": 0.8 }, { "problemtype": " others (CWE-Other) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-008600" }, { "db": "NVD", "id": "CVE-2024-37990" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu90825867/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2024-37990" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-07" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38011" }, { "db": "JVNDB", "id": "JVNDB-2024-008600" }, { "db": "NVD", "id": "CVE-2024-37990" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2024-38011" }, { "db": "JVNDB", "id": "JVNDB-2024-008600" }, { "db": "NVD", "id": "CVE-2024-37990" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-09-13T00:00:00", "db": "CNVD", "id": "CNVD-2024-38011" }, { "date": "2024-09-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2024-008600" }, { "date": "2024-09-10T10:15:10.227000", "db": "NVD", "id": "CVE-2024-37990" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-09-12T00:00:00", "db": "CNVD", "id": "CNVD-2024-38011" }, { "date": "2024-09-20T05:34:00", "db": "JVNDB", "id": "JVNDB-2024-008600" }, { "date": "2024-09-18T15:27:53.563000", "db": "NVD", "id": "CVE-2024-37990" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vulnerabilities in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-008600" } ], "trust": 0.8 } }
var-202409-0241
Vulnerability from variot
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected devices does not properly handle the error in case of exceeding characters while setting SNMP leading to the restart of the application. SIMATIC RF360R firmware, simatic rf1170r firmware, simatic rf1140r Multiple Siemens products such as firmware have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. The SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface.
Siemens SIMATIC RFID Readers have a mishandling vulnerability that can be exploited by an attacker to cause the application to restart
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202409-0241", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic rf166c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic reader rf650r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf685r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf685r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf680r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf650r arib", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic rf1170r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1" }, { "model": "simatic reader rf615r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic rf188ci", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic rf1140r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1" }, { "model": "simatic rf188c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic rf186ci", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic rf186c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic rf185c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic reader rf680r arib", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf650r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf610r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf650r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic rf360r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic reader rf615r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf610r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf680r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf685r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf615r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf680r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf610r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf685r arib", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf650r arib", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf650r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf685r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf615r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf610r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf610r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf650r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf1140r", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf1170r", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf360r", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf615r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf680r arib", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf685r arib", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf615r cmiit", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf680r cmiit", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf680r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf685r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf650r cmiit", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf680r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf685r cmiit", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf166c", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf185c", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf186c", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf186ci", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf188c", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf188ci", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic reader rf610r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf610r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf610r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf615r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf615r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf615r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf650r arib", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf650r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf650r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf650r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf680r arib", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf680r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf680r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf680r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf685r arib", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf685r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf685r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf685r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic rf1140r", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v1.1" }, { "model": "simatic rf1170r", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v1.1" }, { "model": "simatic rf360r", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38009" }, { "db": "JVNDB", "id": "JVNDB-2024-008454" }, { "db": "NVD", "id": "CVE-2024-37992" } ] }, "cve": "CVE-2024-37992", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "exploitabilityScore": 6.4, "id": "CNVD-2024-38009", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:M/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2024-37992", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.2, "id": "CVE-2024-37992", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2024-37992", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2024-37992", "trust": 1.0, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2024-37992", "trust": 1.0, "value": "Medium" }, { "author": "NVD", "id": "CVE-2024-37992", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2024-38009", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38009" }, { "db": "JVNDB", "id": "JVNDB-2024-008454" }, { "db": "NVD", "id": "CVE-2024-37992" }, { "db": "NVD", "id": "CVE-2024-37992" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions \u003c V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions \u003c V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions \u003c V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions \u003c V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions \u003c V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions \u003c V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions \u003c V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions \u003c V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions \u003c V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions \u003c V2.2). The affected devices does not properly handle the error in case of exceeding characters while setting SNMP leading to the restart of the application. SIMATIC RF360R firmware, simatic rf1170r firmware, simatic rf1140r Multiple Siemens products such as firmware have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. The SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface. \n\nSiemens SIMATIC RFID Readers have a mishandling vulnerability that can be exploited by an attacker to cause the application to restart", "sources": [ { "db": "NVD", "id": "CVE-2024-37992" }, { "db": "JVNDB", "id": "JVNDB-2024-008454" }, { "db": "CNVD", "id": "CNVD-2024-38009" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2024-37992", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-765405", "trust": 2.4 }, { "db": "JVN", "id": "JVNVU90825867", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-24-256-07", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2024-008454", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2024-38009", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38009" }, { "db": "JVNDB", "id": "JVNDB-2024-008454" }, { "db": "NVD", "id": "CVE-2024-37992" } ] }, "id": "VAR-202409-0241", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2024-38009" } ], "trust": 1.07222222 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38009" } ] }, "last_update_date": "2024-09-20T22:21:04.422000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens SIMATIC RFID Readers Improper Handling Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/590356" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38009" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-703", "trust": 1.0 }, { "problemtype": "Improper checks or handling of exceptional circumstances (CWE-703) [ others ]", "trust": 0.8 }, { "problemtype": " Lack of information (CWE-noinfo) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-008454" }, { "db": "NVD", "id": "CVE-2024-37992" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu90825867/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2024-37992" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-07" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38009" }, { "db": "JVNDB", "id": "JVNDB-2024-008454" }, { "db": "NVD", "id": "CVE-2024-37992" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2024-38009" }, { "db": "JVNDB", "id": "JVNDB-2024-008454" }, { "db": "NVD", "id": "CVE-2024-37992" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-09-13T00:00:00", "db": "CNVD", "id": "CNVD-2024-38009" }, { "date": "2024-09-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2024-008454" }, { "date": "2024-09-10T10:15:10.837000", "db": "NVD", "id": "CVE-2024-37992" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-09-12T00:00:00", "db": "CNVD", "id": "CNVD-2024-38009" }, { "date": "2024-09-19T07:54:00", "db": "JVNDB", "id": "JVNDB-2024-008454" }, { "date": "2024-09-18T15:31:27.597000", "db": "NVD", "id": "CVE-2024-37992" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vulnerabilities in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-008454" } ], "trust": 0.8 } }
var-202409-0240
Vulnerability from variot
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected application contains a hidden configuration item to enable debug functionality. This could allow an attacker to gain insight into the internal configuration of the deployment. SIMATIC RF360R firmware, simatic rf1170r firmware, simatic rf1140r Multiple Siemens products such as firmware have unspecified vulnerabilities.Information may be obtained and information may be tampered with. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods, or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. The SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202409-0240", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic rf166c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic reader rf650r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf685r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf685r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf680r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf650r arib", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic rf1170r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1" }, { "model": "simatic reader rf615r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic rf188ci", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic rf1140r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1" }, { "model": "simatic rf188c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic rf186ci", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic rf186c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic rf185c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic reader rf680r arib", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf650r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf610r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf650r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic rf360r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic reader rf615r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf610r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf680r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf685r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf615r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf680r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf610r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf685r arib", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf650r arib", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf650r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf685r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf615r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf610r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf610r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf650r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf1140r", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf1170r", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf360r", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf615r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf680r arib", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf685r arib", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf615r cmiit", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf680r cmiit", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf680r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf685r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf650r cmiit", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf680r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf685r cmiit", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf166c", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf185c", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf186c", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf186ci", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf188c", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf188ci", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic reader rf610r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf610r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf610r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf615r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf615r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf615r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf650r arib", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf650r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf650r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf650r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf680r arib", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf680r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf680r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf680r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf685r arib", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf685r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf685r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf685r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic rf1140r", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v1.1" }, { "model": "simatic rf1170r", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v1.1" }, { "model": "simatic rf360r", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38007" }, { "db": "JVNDB", "id": "JVNDB-2024-008453" }, { "db": "NVD", "id": "CVE-2024-37994" } ] }, "cve": "CVE-2024-37994", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 8.0, "id": "CNVD-2024-38007", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2024-37994", "impactScore": 4.2, "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "id": "CVE-2024-37994", "impactScore": 1.4, "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.1, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2024-37994", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2024-37994", "trust": 1.0, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2024-37994", "trust": 1.0, "value": "Medium" }, { "author": "NVD", "id": "CVE-2024-37994", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2024-38007", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38007" }, { "db": "JVNDB", "id": "JVNDB-2024-008453" }, { "db": "NVD", "id": "CVE-2024-37994" }, { "db": "NVD", "id": "CVE-2024-37994" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions \u003c V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions \u003c V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions \u003c V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions \u003c V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions \u003c V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions \u003c V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions \u003c V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions \u003c V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions \u003c V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions \u003c V2.2). The affected application contains a hidden configuration item to enable debug functionality. This could allow an attacker to gain insight into the internal configuration of the deployment. SIMATIC RF360R firmware, simatic rf1170r firmware, simatic rf1140r Multiple Siemens products such as firmware have unspecified vulnerabilities.Information may be obtained and information may be tampered with. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods, or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. The SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface", "sources": [ { "db": "NVD", "id": "CVE-2024-37994" }, { "db": "JVNDB", "id": "JVNDB-2024-008453" }, { "db": "CNVD", "id": "CNVD-2024-38007" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2024-37994", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-765405", "trust": 2.4 }, { "db": "JVN", "id": "JVNVU90825867", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-24-256-07", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2024-008453", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2024-38007", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38007" }, { "db": "JVNDB", "id": "JVNDB-2024-008453" }, { "db": "NVD", "id": "CVE-2024-37994" } ] }, "id": "VAR-202409-0240", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2024-38007" } ], "trust": 1.07222222 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38007" } ] }, "last_update_date": "2024-09-20T20:36:33.401000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens SIMATIC RFID Readers Hidden Function Vulnerability (CNVD-2024-38007)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/590366" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38007" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-912", "trust": 1.0 }, { "problemtype": "Unpublished features (CWE-912) [ others ]", "trust": 0.8 }, { "problemtype": " others (CWE-Other) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-008453" }, { "db": "NVD", "id": "CVE-2024-37994" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu90825867/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2024-37994" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-07" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38007" }, { "db": "JVNDB", "id": "JVNDB-2024-008453" }, { "db": "NVD", "id": "CVE-2024-37994" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2024-38007" }, { "db": "JVNDB", "id": "JVNDB-2024-008453" }, { "db": "NVD", "id": "CVE-2024-37994" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-09-13T00:00:00", "db": "CNVD", "id": "CNVD-2024-38007" }, { "date": "2024-09-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2024-008453" }, { "date": "2024-09-10T10:15:11.340000", "db": "NVD", "id": "CVE-2024-37994" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-09-12T00:00:00", "db": "CNVD", "id": "CNVD-2024-38007" }, { "date": "2024-09-19T07:43:00", "db": "JVNDB", "id": "JVNDB-2024-008453" }, { "date": "2024-09-18T15:35:17.403000", "db": "NVD", "id": "CVE-2024-37994" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vulnerabilities in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-008453" } ], "trust": 0.8 } }
var-202409-0244
Vulnerability from variot
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected application improperly handles error while a faulty certificate upload leading to crashing of application. This vulnerability could allow an attacker to disclose sensitive information. SIMATIC RF360R firmware, simatic rf1170r firmware, simatic rf1140r Multiple Siemens products such as firmware have unspecified vulnerabilities.Information is obtained and service operation is interrupted (DoS) It may be in a state. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. The SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202409-0244", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic rf166c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic reader rf650r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf685r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf685r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf680r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf650r arib", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic rf1170r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1" }, { "model": "simatic reader rf615r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic rf188ci", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic rf1140r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1" }, { "model": "simatic rf188c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic rf186ci", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic rf186c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic rf185c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic reader rf680r arib", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf650r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf610r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf650r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic rf360r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic reader rf615r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf610r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf680r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf685r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf615r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf680r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf610r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf685r arib", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf650r arib", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf650r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf685r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf615r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf610r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf610r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf650r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf1140r", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf1170r", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf360r", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf615r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf680r arib", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf685r arib", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf615r cmiit", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf680r cmiit", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf680r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf685r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf650r cmiit", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf680r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf685r cmiit", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf166c", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf185c", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf186c", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf186ci", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf188c", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf188ci", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic reader rf610r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf610r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf610r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf615r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf615r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf615r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf650r arib", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf650r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf650r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf650r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf680r arib", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf680r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf680r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf680r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf685r arib", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf685r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf685r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf685r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic rf1140r", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v1.1" }, { "model": "simatic rf1170r", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v1.1" }, { "model": "simatic rf360r", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38006" }, { "db": "JVNDB", "id": "JVNDB-2024-008416" }, { "db": "NVD", "id": "CVE-2024-37995" } ] }, "cve": "CVE-2024-37995", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "exploitabilityScore": 6.4, "id": "CNVD-2024-38006", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:M/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2024-37995", "impactScore": 5.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "LOW", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "exploitabilityScore": 1.2, "id": "CVE-2024-37995", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.1, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2024-37995", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2024-37995", "trust": 1.0, "value": "CRITICAL" }, { "author": "productcert@siemens.com", "id": "CVE-2024-37995", "trust": 1.0, "value": "Low" }, { "author": "NVD", "id": "CVE-2024-37995", "trust": 0.8, "value": "Critical" }, { "author": "CNVD", "id": "CNVD-2024-38006", "trust": 0.6, "value": "LOW" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38006" }, { "db": "JVNDB", "id": "JVNDB-2024-008416" }, { "db": "NVD", "id": "CVE-2024-37995" }, { "db": "NVD", "id": "CVE-2024-37995" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions \u003c V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions \u003c V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions \u003c V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions \u003c V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions \u003c V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions \u003c V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions \u003c V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions \u003c V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions \u003c V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions \u003c V2.2). The affected application improperly handles error while a faulty certificate upload leading to crashing of application. This vulnerability could allow an attacker to disclose sensitive information. SIMATIC RF360R firmware, simatic rf1170r firmware, simatic rf1140r Multiple Siemens products such as firmware have unspecified vulnerabilities.Information is obtained and service operation is interrupted (DoS) It may be in a state. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. The SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface", "sources": [ { "db": "NVD", "id": "CVE-2024-37995" }, { "db": "JVNDB", "id": "JVNDB-2024-008416" }, { "db": "CNVD", "id": "CNVD-2024-38006" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2024-37995", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-765405", "trust": 2.4 }, { "db": "JVN", "id": "JVNVU90825867", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-24-256-07", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2024-008416", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2024-38006", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38006" }, { "db": "JVNDB", "id": "JVNDB-2024-008416" }, { "db": "NVD", "id": "CVE-2024-37995" } ] }, "id": "VAR-202409-0244", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2024-38006" } ], "trust": 1.07222222 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38006" } ] }, "last_update_date": "2024-09-20T22:23:48.290000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens SIMATIC RFID Readers Improper Handling Vulnerability (CNVD-2024-38006)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/590371" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38006" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "CWE-703", "trust": 1.0 }, { "problemtype": "Improper checks or handling of exceptional circumstances (CWE-703) [ others ]", "trust": 0.8 }, { "problemtype": " Lack of information (CWE-noinfo) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-008416" }, { "db": "NVD", "id": "CVE-2024-37995" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu90825867/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2024-37995" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-07" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38006" }, { "db": "JVNDB", "id": "JVNDB-2024-008416" }, { "db": "NVD", "id": "CVE-2024-37995" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2024-38006" }, { "db": "JVNDB", "id": "JVNDB-2024-008416" }, { "db": "NVD", "id": "CVE-2024-37995" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-09-13T00:00:00", "db": "CNVD", "id": "CNVD-2024-38006" }, { "date": "2024-09-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2024-008416" }, { "date": "2024-09-10T10:15:11.570000", "db": "NVD", "id": "CVE-2024-37995" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-09-12T00:00:00", "db": "CNVD", "id": "CNVD-2024-38006" }, { "date": "2024-09-19T06:58:00", "db": "JVNDB", "id": "JVNDB-2024-008416" }, { "date": "2024-09-18T15:37:15.130000", "db": "NVD", "id": "CVE-2024-37995" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vulnerabilities in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-008416" } ], "trust": 0.8 } }
var-201809-1153
Vulnerability from variot
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. Service disruption as a result (DoS) There is a possibility of being attacked. Linux Kernel is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. 7) - ppc64le
- Description:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Bug Fix(es):
These updated kernel packages include also numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article:
https://access.redhat.com/articles/3635371
- ========================================================================== Ubuntu Security Notice USN-3742-3 August 21, 2018
linux-lts-trusty regressions
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
USN-3742-2 introduced regressions in the Linux Hardware Enablement (HWE) kernel for Ubuntu 12.04 ESM.
Software Description: - linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise ESM
Details:
USN-3742-2 introduced mitigations in the Linux Hardware Enablement (HWE) kernel for Ubuntu 12.04 ESM to address L1 Terminal Fault (L1TF) vulnerabilities (CVE-2018-3620, CVE-2018-3646). Unfortunately, the update introduced regressions that caused kernel panics when booting in some environments as well as preventing Java applications from starting.
We apologize for the inconvenience.
Original advisory details:
It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646)
It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker could use this to expose sensitive information (memory from the kernel or other processes). (CVE-2018-3620)
Andrey Konovalov discovered an out-of-bounds read in the POSIX timers subsystem in the Linux kernel. (CVE-2018-5391)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 ESM: linux-image-3.13.0-156-generic 3.13.0-156.206~precise1 linux-image-3.13.0-156-generic-lpae 3.13.0-156.206~precise1 linux-image-generic-lpae-lts-trusty 3.13.0.156.146 linux-image-generic-lts-trusty 3.13.0.156.146
After a standard system update you need to reboot your computer to make all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2018:3590-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:3590 Issue date: 2018-11-13 CVE Names: CVE-2017-18344 CVE-2018-5391 CVE-2018-10675 CVE-2018-14634 =====================================================================
- Summary:
An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.2) - noarch, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.2) - x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.2) - noarch, x86_64
- Description:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
-
A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. (CVE-2018-5391)
-
kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)
-
kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675)
-
kernel: Integer overflow in Linux's create_elf_tables function (CVE-2018-14634)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391 and Qualys Research Labs for reporting CVE-2018-14634.
Bug Fix(es):
-
Previously, a kernel panic occurred when the kernel tried to make an out of bound access to the array that describes the L1 Terminal Fault (L1TF) mitigation state on systems without Extended Page Tables (EPT) support. This update extends the array of mitigation states to cover all the states, which effectively prevents out of bound array access. Also, this update enables rejecting invalid, irrelevant values, that might be erroneously provided by the userspace. As a result, the kernel no longer panics in the described scenario. (BZ#1629565)
-
Previously, a packet was missing the User Datagram Protocol (UDP) payload checksum during a full checksum computation, if the hardware checksum was not applied. As a consequence, a packet with an incorrect checksum was dropped by a peer. With this update, the kernel includes the UDP payload checksum during the full checksum computation. As a result, the checksum is computed correctly and the packet can be received by the peer. (BZ#1635792)
-
Previously, a transform lookup through the xfrm framework could be performed on an already transformed destination cache entry (dst_entry). When using User Datagram Protocol (UDP) over IPv6 with a connected socket in conjunction with Internet Protocol Security (IPsec) in Encapsulating Security Payload (ESP) transport mode. As a consequence, invalid IPv6 fragments transmitted from the host or the kernel occasionally terminated unexpectedly due to a socket buffer (SKB) underrun. With this update, the xfrm lookup on an already transformed dst_entry is not possible. As a result, using UDP iperf utility over IPv6 ESP no longer causes invalid IPv6 fragment transmissions or a kernel panic. (BZ#1639586)
-
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1575065 - CVE-2018-10675 kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact 1609664 - CVE-2018-5391 kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack) 1610958 - CVE-2017-18344 kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c 1624498 - CVE-2018-14634 kernel: Integer overflow in Linux's create_elf_tables function
- Package List:
Red Hat Enterprise Linux Server AUS (v. 7.2):
Source: kernel-3.10.0-327.76.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-327.76.1.el7.noarch.rpm kernel-doc-3.10.0-327.76.1.el7.noarch.rpm
x86_64: kernel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-headers-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.76.1.el7.x86_64.rpm perf-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.2):
Source: kernel-3.10.0-327.76.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-327.76.1.el7.noarch.rpm kernel-doc-3.10.0-327.76.1.el7.noarch.rpm
x86_64: kernel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-headers-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.76.1.el7.x86_64.rpm perf-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.2):
Source: kernel-3.10.0-327.76.1.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-327.76.1.el7.noarch.rpm kernel-doc-3.10.0-327.76.1.el7.noarch.rpm
x86_64: kernel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-devel-3.10.0-327.76.1.el7.x86_64.rpm kernel-headers-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-327.76.1.el7.x86_64.rpm perf-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.2):
x86_64: kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional E4S (v. 7.2):
x86_64: kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. 7.2):
x86_64: kernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-327.76.1.el7.x86_64.rpm perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-18344 https://access.redhat.com/security/cve/CVE-2018-5391 https://access.redhat.com/security/cve/CVE-2018-10675 https://access.redhat.com/security/cve/CVE-2018-14634 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/articles/3553061 https://access.redhat.com/security/vulnerabilities/mutagen-astronomy
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBW+sPDtzjgjWX9erEAQhm3BAAhxwzb8zJTfl0zFY/r9KUzkAdLXY4w39X BgJrVPyl7f6krvQ17HE95Poqz/iUhMOZAweypQXHMRKkmfMTYiLHlKpdIusou2xy y1ZzB1uloI4j2zMdTDRP5yZz06r/NP5A05pLZDA02iR5b07ALLYb5hcL5oBnpQXp 9Xp31qb7TCP+jWtCO1Ot+9GJ3chMNvpYqH0OkGTpq/G7PxGrhIzB6v4p6N5OntD9 5CIebREaGBWn9ViWiUHcthgg+PN2iS2/5ST82g/Jss/WmVVZSiVbayob6/MNQPnb M29VHOmJ6pf5dERNpSqrJrBXeDYCMA6HHD+RT9SmiuQQ8gQ2Rzjy7K97Nn++6x7O nclOTmB7hQZtl0WhgC3xuwtslXGpe9jKSzql03ijTvJRQrczgVWiBS+tpfVAJprV ma2Kchf5ivctaXZ/R62JMyTvNf6HCVdvBNvSNET52ol3PkdpJK7V7mg+H64Mqdrl cBTUDBHHYYWMJted9pHWq7tPs0vy1h9aoFqNdlak5jwr169vldlZMRBbhtvz+OXj V/o+IClbY9UUfibaXDoX7qufeVikW1KQ4L+VhRj3RzXNsu2A8FUAcN7za5Qv5HIe LiC42C+pjvHqS/9gNpBakzKv6nPldWZIfPEuF4zewizBxlTXHPE1ln1hAWKjqVTs 6QJ1Zh7jeUY= =8JOQ -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 6.5) - x86_64
Bug Fix(es):
-
Previously, invalid headers in the sk_buff struct led to an indefinite loop in the tcp_collapse() function. (BZ#1619630)
-
After updating the system to prevent the L1 Terminal Fault (L1TF) vulnerability, only one thread was detected on systems that offer processing of two threads on a single processor core. With this update, the "__max_smt_threads()" function has been fixed. (BZ#1629632)
-
7.3) - ppc64, ppc64le, x86_64
-
Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. Consequently, the node was not available. This update fixes an irq latency source in memory compaction. (BZ#1596281)
-
Previously, the kernel source code was missing support to report the Speculative Store Bypass Disable (SSBD) vulnerability status on IBM Power Systems and the little-endian variants of IBM Power Systems. As a consequence, the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file incorrectly reported "Not affected" on both CPU architectures. This fix updates the kernel source code to properly report the SSBD status either as "Vulnerable" or "Mitigation: Kernel entry/exit barrier (TYPE)" where TYPE is one of "eieio", "hwsync", "fallback", or "unknown". As a consequence, the VMs sometimes became unresponsive when booting. This update applies an upstream patch to avoid early microcode update when running under a hypervisor. (BZ#1618388)
4
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201809-1153", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ubuntu linux", "scope": "eq", "trust": 1.6, "vendor": "canonical", "version": "16.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.6, "vendor": "canonical", "version": "14.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.6, "vendor": "canonical", "version": "12.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.6, "vendor": "canonical", "version": "18.04" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.7" }, { "model": "big-ip domain name system", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.0.0" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.6" }, { "model": "big-ip analytics", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "11.5.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "big-ip webaccelerator", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.0.0" }, { "model": "big-ip application security manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "13.1.3" }, { "model": "big-ip policy enforcement manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.0.0" }, { "model": "big-ip application acceleration manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "11.6.5.1" }, { "model": "big-ip application security manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "big-ip application acceleration manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "14.0.1.1" }, { "model": "big-ip domain name system", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "12.1.5" }, { "model": "big-ip access policy manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "12.1.0" }, { "model": "windows server 2016", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "big-ip application security manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "14.1.2.4" }, { "model": "big-ip analytics", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "12.1.5" }, { "model": "big-ip link controller", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "big-ip analytics", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.0.0" }, { "model": "big-ip edge gateway", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "11.6.5.1" }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1803" }, { "model": "windows 7", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "big-ip global traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.0.0" }, { "model": "big-ip edge gateway", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "14.0.1.1" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "big-ip fraud protection service", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "12.1.0" }, { "model": "big-ip advanced firewall manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.0.0" }, { "model": "simatic rf186ci", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.3" }, { "model": "simatic rf188", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.3" }, { "model": "big-ip application acceleration manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "12.1.0" }, { "model": "big-ip domain name system", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "14.1.2.4" }, { "model": "big-ip webaccelerator", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "11.6.5.1" }, { "model": "simatic net cp 1543-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "big-ip fraud protection service", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip link controller", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "11.6.5.1" }, { "model": "simatic net cp 1542sp-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "big-ip webaccelerator", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "14.0.1.1" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.5" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "big-ip application acceleration manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip application security manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.0.0" }, { "model": "big-ip link controller", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "14.0.1.1" }, { "model": "big-ip policy enforcement manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "14.1.2.4" }, { "model": "big-ip analytics", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "14.1.2.4" }, { "model": "sinema remote connect server", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "1.1" }, { "model": "big-ip local traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "12.1.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.4" }, { "model": "windows server 2012", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "scalance m-800", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.1" }, { "model": "big-ip edge gateway", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "12.1.0" }, { "model": "big-ip advanced firewall manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "12.1.0" }, { "model": "big-ip link controller", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.0.0" }, { "model": "big-ip local traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "11.5.1" }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1709" }, { "model": "big-ip webaccelerator", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "13.1.3" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "big-ip access policy manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "big-ip global traffic manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "11.6.5.1" }, { "model": "big-ip edge gateway", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip application acceleration manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "12.1.5" }, { "model": "sinema remote connect server", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.0.1" }, { "model": "big-ip global traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.0.0" }, { "model": "big-ip global traffic manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "14.0.1.1" }, { "model": "windows 8.1", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "big-ip domain name system", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "12.1.0" }, { "model": "big-ip local traffic manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "11.6.5.1" }, { "model": "big-ip global traffic manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "12.1.5" }, { "model": "big-ip access policy manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip local traffic manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "14.0.1.1" }, { "model": "windows server 2016", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1803" }, { "model": "big-ip access policy manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "11.6.5.1" }, { "model": "big-ip advanced firewall manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "11.6.5.1" }, { "model": "big-ip domain name system", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip local traffic manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "12.1.5" }, { "model": "big-ip application acceleration manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "13.1.3" }, { "model": "big-ip policy enforcement manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "12.1.0" }, { "model": "windows server 2012", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "r2" }, { "model": "big-ip access policy manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "14.0.1.1" }, { "model": "big-ip fraud protection service", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "kernel", "scope": "lte", "trust": 1.0, "vendor": "linux", "version": "4.18" }, { "model": "big-ip advanced firewall manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "14.0.1.1" }, { "model": "big-ip application security manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.0.0" }, { "model": "simatic net cp 1543sp-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "big-ip edge gateway", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "12.1.5" }, { "model": "big-ip application acceleration manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "big-ip global traffic manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "13.1.3" }, { "model": "big-ip policy enforcement manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "11.5.1" }, { "model": "simatic rf188ci", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.3" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.5" }, { "model": "simatic rf186c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.3" }, { "model": "big-ip local traffic manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "13.1.3" }, { "model": "big-ip webaccelerator", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.0.0" }, { "model": "big-ip application acceleration manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "14.1.2.4" }, { "model": "big-ip access policy manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.0.0" }, { "model": "big-ip link controller", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.0.0" }, { "model": "big-ip access policy manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "13.1.3" }, { "model": "big-ip webaccelerator", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "12.1.5" }, { "model": "big-ip local traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "big-ip edge gateway", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "13.1.3" }, { "model": "big-ip advanced firewall manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "13.1.3" }, { "model": "big-ip fraud protection service", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "11.6.5.1" }, { "model": "kernel", "scope": "gte", "trust": 1.0, "vendor": "linux", "version": "3.9" }, { "model": "big-ip link controller", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "12.1.5" }, { "model": "big-ip policy enforcement manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "11.6.5.1" }, { "model": "big-ip fraud protection service", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "14.0.1.1" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "big-ip advanced firewall manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "big-ip edge gateway", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "big-ip policy enforcement manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "14.0.1.1" }, { "model": "windows server 2016", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1709" }, { "model": "simatic net cp 1243-7 lte eu", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2" }, { "model": "scalance s615", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.1" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "big-ip edge gateway", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "14.1.2.4" }, { "model": "big-ip analytics", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.0.0" }, { "model": "scalance w700 ieee 802.11a\\/b\\/g\\/n", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.4" }, { "model": "big-ip link controller", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "13.1.3" }, { "model": "big-ip webaccelerator", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "12.1.0" }, { "model": "big-ip fraud protection service", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.0.0" }, { "model": "windows server 2008", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "big-ip advanced firewall manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip domain name system", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "big-ip application acceleration manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.0.0" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "ruggedcom rox ii", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.13.3" }, { "model": "simatic net cp 1242-7", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2" }, { "model": "big-ip webaccelerator", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "14.1.2.4" }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1607" }, { "model": "big-ip application security manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "11.6.5.1" }, { "model": "big-ip policy enforcement manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "ruggedcom rm1224", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.1" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.6" }, { "model": "big-ip application security manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "14.0.1.1" }, { "model": "big-ip local traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.0.0" }, { "model": "big-ip access policy manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "12.1.5" }, { "model": "big-ip analytics", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "12.1.0" }, { "model": "big-ip advanced firewall manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "12.1.5" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "big-ip edge gateway", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.0.0" }, { "model": "big-ip advanced firewall manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.0.0" }, { "model": "big-ip global traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "12.1.0" }, { "model": "windows server 2008", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "r2" }, { "model": "windows rt 8.1", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "scalance sc-600", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "big-ip domain name system", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "11.6.5.1" }, { "model": "big-ip global traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "11.5.1" }, { "model": "simatic net cp 1243-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2" }, { "model": "big-ip domain name system", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "14.0.1.1" }, { "model": "big-ip global traffic manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "14.1.2.4" }, { "model": "big-ip domain name system", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.0.0" }, { "model": "big-ip fraud protection service", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.0.0" }, { "model": "big-ip analytics", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "11.6.5.1" }, { "model": "big-ip application security manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "12.1.0" }, { "model": "big-ip local traffic manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "14.1.2.4" }, { "model": "simatic net cp 1243-7 lte us", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2" }, { "model": "big-ip application acceleration manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.0.0" }, { "model": "big-ip fraud protection service", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "12.1.5" }, { "model": "simatic net cp 1542sp-1 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "big-ip analytics", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "14.0.1.1" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.3" }, { "model": "big-ip policy enforcement manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.0.0" }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "big-ip access policy manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "14.1.2.4" }, { "model": "big-ip policy enforcement manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "12.1.5" }, { "model": "big-ip webaccelerator", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "big-ip advanced firewall manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "14.1.2.4" }, { "model": "big-ip application security manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "11.5.1" }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1703" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "big-ip domain name system", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "13.1.3" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.2" }, { "model": "big-ip link controller", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "12.1.0" }, { "model": "big-ip local traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.0.0" }, { "model": "big-ip fraud protection service", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "13.1.3" }, { "model": "big-ip webaccelerator", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "11.5.1" }, { "model": "simatic net cp 1243-8 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2" }, { "model": "big-ip policy enforcement manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "13.1.3" }, { "model": "scalance w1700 ieee 802.11ac", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "big-ip analytics", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "13.1.3" }, { "model": "big-ip edge gateway", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.0.0" }, { "model": "big-ip link controller", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "11.5.1" }, { "model": "big-ip link controller", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "14.1.2.4" }, { "model": "big-ip analytics", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": "simatic rf185c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.3" }, { "model": "big-ip access policy manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "13.0.0" }, { "model": "big-ip fraud protection service", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "14.1.2.4" }, { "model": "big-ip application security manager", "scope": "lt", "trust": 1.0, "vendor": "f5", "version": "12.1.5" }, { "model": "big-ip global traffic manager", "scope": "gte", "trust": 1.0, "vendor": "f5", "version": "14.1.0" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "arista", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "check point", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "debian gnu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "microsoft", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "suse linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ubuntu", "version": null }, { "model": "kernel", "scope": null, "trust": 0.8, "vendor": "linux", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.14.2" }, { "model": "pan-os", "scope": "ne", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.1.20" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.1.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.15.8" }, { "model": "extendible operating system 4.20.5f", "scope": null, "trust": 0.3, "vendor": "arista", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.73" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.15" }, { "model": "extendible operating system 4.20.5.1f", "scope": null, "trust": 0.3, "vendor": "arista", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.7" }, { "model": "windows server r2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20120" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "8.0.11" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.13.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.13.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.22" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.1.18" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.17.11" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.1.11" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.18" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.1.15" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.13.7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.14.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10" }, { "model": "kernel 3.9-rc3", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "8.0.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.17.2" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.11.5" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "extendible operating system 4.20.4f", "scope": null, "trust": 0.3, "vendor": "arista", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.1" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "8.0.8" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.17.1" }, { "model": "kernel 4.14-rc5", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "8.0.9" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.16" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018030" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.9" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.1.21" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10.10" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "18030" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.1.18" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.1.22" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.23" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.11.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.14" }, { "model": "extendible operating system 4.20.4.1f", "scope": null, "trust": 0.3, "vendor": "arista", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.9.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.17" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.12.10" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.15" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.21" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.13.0" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.16.7" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.1.16" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.14.37" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.9.11" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.9" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.14.54" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.43" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.14.73" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "8.10" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.1.13" }, { "model": "windows rt", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "8.1" }, { "model": "windows server r2 for itanium-based systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.12" }, { "model": "pan-os", "scope": "ne", "trust": 0.3, "vendor": "paloaltonetworks", "version": "8.1.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.12" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.9.9" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.1.21" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.14.7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.16.11" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.16" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.14.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.9.13" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.18.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10.3" }, { "model": "kernel 3.9-rc8", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.17.10" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.12.1" }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "8.10" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.15" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.13.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.44" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.49" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.13.9" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.13" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.1.11" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.9.4" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.1.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.20" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.18.17" }, { "model": "extendible operating system 4.21.0f", "scope": null, "trust": 0.3, "vendor": "arista", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "8.1.2" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.1.12" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10.15" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.13.8" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.16" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.27" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.13.10" }, { "model": "kernel 4.13-rc1", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "extendible operating system 4.20.7m", "scope": null, "trust": 0.3, "vendor": "arista", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.14.2" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.1.19" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "8.1.3" }, { "model": "windows server r2 for x64-based systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.12.9" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.1.7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.11.9" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.14.3" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "8.0.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.13.11" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.45" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.19.2" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.1.9" }, { "model": "extendible operating system 4.20.1f", "scope": null, "trust": 0.3, "vendor": "arista", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "8.0.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.14.13" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.13" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "8.0.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.37" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.17.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.48" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.18.8" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.9.8" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.21" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.81" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.11" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.15.10" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.1.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.30" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "8.0.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10.12" }, { "model": "kernel 4.14.0-rc1", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "kernel 4.16-rc", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.13.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.22" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10.6" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "100" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.14.8" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "8.0.4" }, { "model": "windows server for x64-based systems sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.15.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.16.36" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.15.14" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.13.11" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "8.0.7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10.13" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.1.9" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.15.4" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20160" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.11.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.14.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.18.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.41" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.18.9" }, { "model": "extendible operating system 4.20.6f", "scope": null, "trust": 0.3, "vendor": "arista", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.0" }, { "model": "linux esm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10.11" }, { "model": "extendible operating system 4.20.8m", "scope": null, "trust": 0.3, "vendor": "arista", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.1.8" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.1.17" }, { "model": "windows server for itanium-based systems sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "windows for 32-bit systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.15.11" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.11.3" }, { "model": "kernel 3.9-rc1", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.31" }, { "model": "windows for x64-based systems sp1", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.17.4" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.1.14" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.14.10" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.14.14" }, { "model": "kernel 4.12-rc1", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.14.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.17" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.14.11" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.14" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.13.3" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.1.17" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.13.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.1.10" }, { "model": "enterprise mrg", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.1.4" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.1.2" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1016070" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.13.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.14.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.14.15" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.14.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.19" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.1.12" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.11.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.13.9" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.17.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.15.9" }, { "model": "windows server for 32-bit systems sp2", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "2008" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.13.7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.14.79" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.1.16" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.14" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.17" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.14.1" }, { "model": "extendible operating system 4.20.2f", "scope": null, "trust": 0.3, "vendor": "arista", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.9.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.13.6" }, { "model": "pan-os", "scope": "ne", "trust": 0.3, "vendor": "paloaltonetworks", "version": "8.0.13" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10.7" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "20120" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.13.5" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.1.3" }, { "model": "extendible operating system", "scope": "eq", "trust": 0.3, "vendor": "arista", "version": "0" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "8.0.12" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "8.0.10" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "18.04" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.1.14" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.13.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.18.22" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.9.8" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.14.45" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.7" }, { "model": "kernel 4.15-rc5", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.1.1" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017030" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "16.04" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.16.9" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.12.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.16.1" }, { "model": "extendible operating system 4.20.3f", "scope": null, "trust": 0.3, "vendor": "arista", "version": null }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017090" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10.9" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "8.1.4" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.11.7" }, { "model": "extendible operating system 4.20.5.2f", "scope": null, "trust": 0.3, "vendor": "arista", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.18" }, { "model": "pan-os", "scope": "ne", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.1.22" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.18.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.15.7" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "8.1.1" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "8.1" }, { "model": "windows server", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "17090" }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "100" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.1.20" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.36" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.1.19" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.16.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.12.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.11.8" }, { "model": "kernel 3.9-rc7", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.90" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.15.16" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.14" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.11.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.11.9" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.2" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1016070" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.18.7" }, { "model": "extendible operating system 4.20.0f", "scope": null, "trust": 0.3, "vendor": "arista", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.16.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.38" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.16.3" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.15.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10.1" }, { "model": "windows version for 32-bit systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1018030" }, { "model": "extendible operating system 4.20.2.1f", "scope": null, "trust": 0.3, "vendor": "arista", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.17.6" }, { "model": "kernel 4.17-rc2", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.13.1" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.1.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.14.7" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.10.8" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.12.4" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.1.4" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.10" }, { "model": "kernel 4.16-rc6", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.40" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.9" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.17.2" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.18.11" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.16.6" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.14.31" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "4.11.1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.11" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.26" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "7.1.13" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017030" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.17" }, { "model": "windows version for x64-based systems", "scope": "eq", "trust": 0.3, "vendor": "microsoft", "version": "1017090" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.11" }, { "model": "pan-os", "scope": "eq", "trust": 0.3, "vendor": "paloaltonetworks", "version": "6.1.10" }, { "model": "kernel 4.14-rc1", "scope": null, "trust": 0.3, "vendor": "linux", "version": null }, { "model": "kernel 4.16-rc7", "scope": null, "trust": 0.3, "vendor": "linux", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#641765" }, { "db": "BID", "id": "105108" }, { "db": "JVNDB", "id": "JVNDB-2018-006630" }, { "db": "CNNVD", "id": "CNNVD-201808-570" }, { "db": "NVD", "id": "CVE-2018-5391" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:linux:linux_kernel", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-006630" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "150068" }, { "db": "PACKETSTORM", "id": "150057" }, { "db": "PACKETSTORM", "id": "149726" }, { "db": "PACKETSTORM", "id": "150315" }, { "db": "PACKETSTORM", "id": "149830" }, { "db": "PACKETSTORM", "id": "149546" } ], "trust": 0.6 }, "cve": "CVE-2018-5391", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2018-5391", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "availabilityRequirement": "NOT DEFINED", "baseScore": 7.8, "collateralDamagePotential": "NOT DEFINED", "confidentialityImpact": "NONE", "confidentialityRequirement": "NOT DEFINED", "enviromentalScore": 6.6, "exploitability": "UNPROVEN", "exploitabilityScore": 10.0, "id": "CVE-2018-5391", "impactScore": 6.9, "integrityImpact": "NONE", "integrityRequirement": "NOT DEFINED", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "remediationLevel": "NOT DEFINED", "reportConfidence": "NOT DEFINED", "severity": "HIGH", "targetDistribution": "HIGH", "trust": 0.8, "userInteractionRequired": null, "vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "JPCERT/CC", "availabilityImpact": "Complete", "baseScore": 7.8, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2018-006630", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-135422", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2018-5391", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "JPCERT/CC", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2018-006630", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2018-5391", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2018-5391", "trust": 0.8, "value": "HIGH" }, { "author": "JPCERT/CC", "id": "JVNDB-2018-006630", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201808-570", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-135422", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2018-5391", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#641765" }, { "db": "VULHUB", "id": "VHN-135422" }, { "db": "VULMON", "id": "CVE-2018-5391" }, { "db": "JVNDB", "id": "JVNDB-2018-006630" }, { "db": "CNNVD", "id": "CNNVD-201808-570" }, { "db": "NVD", "id": "CVE-2018-5391" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. Service disruption as a result (DoS) There is a possibility of being attacked. Linux Kernel is prone to a remote denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition. 7) - ppc64le\n\n3. Description:\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables\nfine-tuning for systems with extremely high determinism requirements. \n\nBug Fix(es):\n\nThese updated kernel packages include also numerous bug fixes. Space\nprecludes documenting all of the bug fixes in this advisory. See the\ndescriptions in the related Knowledge Article:\n\nhttps://access.redhat.com/articles/3635371\n\n4. ==========================================================================\nUbuntu Security Notice USN-3742-3\nAugust 21, 2018\n\nlinux-lts-trusty regressions\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 ESM\n\nSummary:\n\nUSN-3742-2 introduced regressions in the Linux Hardware Enablement\n(HWE) kernel for Ubuntu 12.04 ESM. \n\nSoftware Description:\n- linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise ESM\n\nDetails:\n\nUSN-3742-2 introduced mitigations in the Linux Hardware Enablement\n(HWE) kernel for Ubuntu 12.04 ESM to address L1 Terminal Fault (L1TF)\nvulnerabilities (CVE-2018-3620, CVE-2018-3646). Unfortunately, the\nupdate introduced regressions that caused kernel panics when booting\nin some environments as well as preventing Java applications from\nstarting. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\n It was discovered that memory present in the L1 data cache of an Intel CPU\n core may be exposed to a malicious process that is executing on the CPU\n core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local\n attacker in a guest virtual machine could use this to expose sensitive\n information (memory from other guests or the host OS). (CVE-2018-3646)\n\n It was discovered that memory present in the L1 data cache of an Intel CPU\n core may be exposed to a malicious process that is executing on the CPU\n core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local\n attacker could use this to expose sensitive information (memory from the\n kernel or other processes). (CVE-2018-3620)\n\n Andrey Konovalov discovered an out-of-bounds read in the POSIX\n timers subsystem in the Linux kernel. (CVE-2018-5391)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 ESM:\n linux-image-3.13.0-156-generic 3.13.0-156.206~precise1\n linux-image-3.13.0-156-generic-lpae 3.13.0-156.206~precise1\n linux-image-generic-lpae-lts-trusty 3.13.0.156.146\n linux-image-generic-lts-trusty 3.13.0.156.146\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nATTENTION: Due to an unavoidable ABI change the kernel updates have\nbeen given a new version number, which requires you to recompile and\nreinstall all third party kernel modules you might have installed. \nUnless you manually uninstalled the standard kernel metapackages\n(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,\nlinux-powerpc), a standard system upgrade will automatically perform\nthis as well. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: kernel security and bug fix update\nAdvisory ID: RHSA-2018:3590-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2018:3590\nIssue date: 2018-11-13\nCVE Names: CVE-2017-18344 CVE-2018-5391 CVE-2018-10675 \n CVE-2018-14634 \n=====================================================================\n\n1. Summary:\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7.2\nAdvanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update\nSupport, and Red Hat Enterprise Linux 7.2 Update Services for SAP\nSolutions. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64\nRed Hat Enterprise Linux Server E4S (v. 7.2) - noarch, x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64\nRed Hat Enterprise Linux Server Optional E4S (v. 7.2) - x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 7.2) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 7.2) - noarch, x86_64\n\n3. Description:\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system. \n\nSecurity Fix(es):\n\n* A flaw named FragmentSmack was found in the way the Linux kernel handled\nreassembly of fragmented IPv4 and IPv6 packets. (CVE-2018-5391)\n\n* kernel: out-of-bounds access in the show_timer function in\nkernel/time/posix-timers.c (CVE-2017-18344)\n\n* kernel: mm: use-after-free in do_get_mempolicy function allows local DoS\nor other unspecified impact (CVE-2018-10675)\n\n* kernel: Integer overflow in Linux\u0027s create_elf_tables function\n(CVE-2018-14634)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank Juha-Matti Tilli (Aalto University - Department\nof Communications and Networking and Nokia Bell Labs) for reporting\nCVE-2018-5391 and Qualys Research Labs for reporting CVE-2018-14634. \n\nBug Fix(es):\n\n* Previously, a kernel panic occurred when the kernel tried to make an out\nof bound access to the array that describes the L1 Terminal Fault (L1TF)\nmitigation state on systems without Extended Page Tables (EPT) support. \nThis update extends the array of mitigation states to cover all the states,\nwhich effectively prevents out of bound array access. Also, this update\nenables rejecting invalid, irrelevant values, that might be erroneously\nprovided by the userspace. As a result, the kernel no longer panics in the\ndescribed scenario. (BZ#1629565)\n\n* Previously, a packet was missing the User Datagram Protocol (UDP) payload\nchecksum during a full checksum computation, if the hardware checksum was\nnot applied. As a consequence, a packet with an incorrect checksum was\ndropped by a peer. With this update, the kernel includes the UDP payload\nchecksum during the full checksum computation. As a result, the checksum is\ncomputed correctly and the packet can be received by the peer. (BZ#1635792)\n\n* Previously, a transform lookup through the xfrm framework could be\nperformed on an already transformed destination cache entry (dst_entry). \nWhen using User Datagram Protocol (UDP) over IPv6 with a connected socket\nin conjunction with Internet Protocol Security (IPsec) in Encapsulating\nSecurity Payload (ESP) transport mode. As a consequence, invalid IPv6\nfragments transmitted from the host or the kernel occasionally terminated\nunexpectedly due to a socket buffer (SKB) underrun. With this update, the\nxfrm lookup on an already transformed dst_entry is not possible. As a\nresult, using UDP iperf utility over IPv6 ESP no longer causes invalid IPv6\nfragment transmissions or a kernel panic. (BZ#1639586)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1575065 - CVE-2018-10675 kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact\n1609664 - CVE-2018-5391 kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack)\n1610958 - CVE-2017-18344 kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c\n1624498 - CVE-2018-14634 kernel: Integer overflow in Linux\u0027s create_elf_tables function\n\n6. Package List:\n\nRed Hat Enterprise Linux Server AUS (v. 7.2):\n\nSource:\nkernel-3.10.0-327.76.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-327.76.1.el7.noarch.rpm\nkernel-doc-3.10.0-327.76.1.el7.noarch.rpm\n\nx86_64:\nkernel-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debug-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-devel-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-headers-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-327.76.1.el7.x86_64.rpm\nperf-3.10.0-327.76.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\npython-perf-3.10.0-327.76.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server E4S (v. 7.2):\n\nSource:\nkernel-3.10.0-327.76.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-327.76.1.el7.noarch.rpm\nkernel-doc-3.10.0-327.76.1.el7.noarch.rpm\n\nx86_64:\nkernel-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debug-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-devel-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-headers-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-327.76.1.el7.x86_64.rpm\nperf-3.10.0-327.76.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\npython-perf-3.10.0-327.76.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 7.2):\n\nSource:\nkernel-3.10.0-327.76.1.el7.src.rpm\n\nnoarch:\nkernel-abi-whitelists-3.10.0-327.76.1.el7.noarch.rpm\nkernel-doc-3.10.0-327.76.1.el7.noarch.rpm\n\nx86_64:\nkernel-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debug-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debug-devel-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-devel-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-headers-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-libs-3.10.0-327.76.1.el7.x86_64.rpm\nperf-3.10.0-327.76.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\npython-perf-3.10.0-327.76.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.2):\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-327.76.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional E4S (v. 7.2):\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-327.76.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 7.2):\n\nx86_64:\nkernel-debug-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-debuginfo-common-x86_64-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\nkernel-tools-libs-devel-3.10.0-327.76.1.el7.x86_64.rpm\nperf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\npython-perf-debuginfo-3.10.0-327.76.1.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-18344\nhttps://access.redhat.com/security/cve/CVE-2018-5391\nhttps://access.redhat.com/security/cve/CVE-2018-10675\nhttps://access.redhat.com/security/cve/CVE-2018-14634\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/articles/3553061\nhttps://access.redhat.com/security/vulnerabilities/mutagen-astronomy\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2018 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBW+sPDtzjgjWX9erEAQhm3BAAhxwzb8zJTfl0zFY/r9KUzkAdLXY4w39X\nBgJrVPyl7f6krvQ17HE95Poqz/iUhMOZAweypQXHMRKkmfMTYiLHlKpdIusou2xy\ny1ZzB1uloI4j2zMdTDRP5yZz06r/NP5A05pLZDA02iR5b07ALLYb5hcL5oBnpQXp\n9Xp31qb7TCP+jWtCO1Ot+9GJ3chMNvpYqH0OkGTpq/G7PxGrhIzB6v4p6N5OntD9\n5CIebREaGBWn9ViWiUHcthgg+PN2iS2/5ST82g/Jss/WmVVZSiVbayob6/MNQPnb\nM29VHOmJ6pf5dERNpSqrJrBXeDYCMA6HHD+RT9SmiuQQ8gQ2Rzjy7K97Nn++6x7O\nnclOTmB7hQZtl0WhgC3xuwtslXGpe9jKSzql03ijTvJRQrczgVWiBS+tpfVAJprV\nma2Kchf5ivctaXZ/R62JMyTvNf6HCVdvBNvSNET52ol3PkdpJK7V7mg+H64Mqdrl\ncBTUDBHHYYWMJted9pHWq7tPs0vy1h9aoFqNdlak5jwr169vldlZMRBbhtvz+OXj\nV/o+IClbY9UUfibaXDoX7qufeVikW1KQ4L+VhRj3RzXNsu2A8FUAcN7za5Qv5HIe\nLiC42C+pjvHqS/9gNpBakzKv6nPldWZIfPEuF4zewizBxlTXHPE1ln1hAWKjqVTs\n6QJ1Zh7jeUY=\n=8JOQ\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 6.5) - x86_64\n\n3. \n\nBug Fix(es):\n\n* Previously, invalid headers in the sk_buff struct led to an indefinite\nloop in the tcp_collapse() function. (BZ#1619630)\n\n* After updating the system to prevent the L1 Terminal Fault (L1TF)\nvulnerability, only one thread was detected on systems that offer\nprocessing of two threads on a single processor core. With this update, the\n\"__max_smt_threads()\" function has been fixed. (BZ#1629632)\n\n4. 7.3) - ppc64, ppc64le, x86_64\n\n3. Maintaining the denial of service\ncondition requires continuous two-way TCP sessions to a reachable open\nport, thus the attacks cannot be performed using spoofed IP addresses. Consequently, the node was not available. This\nupdate fixes an irq latency source in memory compaction. \n(BZ#1596281)\n\n* Previously, the kernel source code was missing support to report the\nSpeculative Store Bypass Disable (SSBD) vulnerability status on IBM Power\nSystems and the little-endian variants of IBM Power Systems. As a\nconsequence, the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass\nfile incorrectly reported \"Not affected\" on both CPU architectures. This\nfix updates the kernel source code to properly report the SSBD status\neither as \"Vulnerable\" or \"Mitigation: Kernel entry/exit barrier (TYPE)\"\nwhere TYPE is one of \"eieio\", \"hwsync\", \"fallback\", or \"unknown\". As a\nconsequence, the VMs sometimes became unresponsive when booting. This\nupdate applies an upstream patch to avoid early microcode update when\nrunning under a hypervisor. (BZ#1618388)\n\n4", "sources": [ { "db": "NVD", "id": "CVE-2018-5391" }, { "db": "CERT/CC", "id": "VU#641765" }, { "db": "JVNDB", "id": "JVNDB-2018-006630" }, { "db": "BID", "id": "105108" }, { "db": "VULHUB", "id": "VHN-135422" }, { "db": "VULMON", "id": "CVE-2018-5391" }, { "db": "PACKETSTORM", "id": "150068" }, { "db": "PACKETSTORM", "id": "150057" }, { "db": "PACKETSTORM", "id": "148914" }, { "db": "PACKETSTORM", "id": "149726" }, { "db": "PACKETSTORM", "id": "149024" }, { "db": "PACKETSTORM", "id": "150315" }, { "db": "PACKETSTORM", "id": "149830" }, { "db": "PACKETSTORM", "id": "148916" }, { "db": "PACKETSTORM", "id": "148913" }, { "db": "PACKETSTORM", "id": "149546" } ], "trust": 3.69 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-5391", "trust": 3.9 }, { "db": "CERT/CC", "id": "VU#641765", "trust": 3.7 }, { "db": "BID", "id": "105108", "trust": 2.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2019/06/28/2", "trust": 1.8 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2019/07/06/4", "trust": 1.8 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2019/07/06/3", "trust": 1.8 }, { "db": "SIEMENS", "id": "SSA-377115", "trust": 1.8 }, { "db": "SECTRACK", "id": "1041476", "trust": 1.8 }, { "db": "SECTRACK", "id": "1041637", "trust": 1.8 }, { "db": "JVN", "id": "JVNVU93630542", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-006630", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201808-570", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.0545", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0623", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0854", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1315", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0675", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-20-105-05", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "148928", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-135422", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-5391", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150068", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150057", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "148914", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "149726", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "149024", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150315", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "149830", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "148916", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "148913", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "149546", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#641765" }, { "db": "VULHUB", "id": "VHN-135422" }, { "db": "VULMON", "id": "CVE-2018-5391" }, { "db": "BID", "id": "105108" }, { "db": "JVNDB", "id": "JVNDB-2018-006630" }, { "db": "PACKETSTORM", "id": "150068" }, { "db": "PACKETSTORM", "id": "150057" }, { "db": "PACKETSTORM", "id": "148914" }, { "db": "PACKETSTORM", "id": "149726" }, { "db": "PACKETSTORM", "id": "149024" }, { "db": "PACKETSTORM", "id": "150315" }, { "db": "PACKETSTORM", "id": "149830" }, { "db": "PACKETSTORM", "id": "148916" }, { "db": "PACKETSTORM", "id": "148913" }, { "db": "PACKETSTORM", "id": "149546" }, { "db": "CNNVD", "id": "CNNVD-201808-570" }, { "db": "NVD", "id": "CVE-2018-5391" } ] }, "id": "VAR-201809-1153", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-135422" } ], "trust": 0.6178898079999999 }, "last_update_date": "2024-11-29T20:13:52.332000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "\u682a\u5f0f\u4f1a\u793e\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u30a4\u30cb\u30b7\u30a2\u30c6\u30a3\u30d6\u304b\u3089\u306e\u60c5\u5831", "trust": 0.8, "url": "https://jvn.jp/vu/JVNVU93630542/317632/index.html" }, { "title": "Linux kernel Security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=84156" }, { "title": "Red Hat: Important: kernel security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182846 - Security Advisory" }, { "title": "Red Hat: Important: kernel security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183459 - Security Advisory" }, { "title": "Red Hat: Important: kernel security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182785 - Security Advisory" }, { "title": "Red Hat: Important: kernel security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182925 - Security Advisory" }, { "title": "Debian Security Advisories: DSA-4272-1 linux -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=c4fc75c3940ecd62e6e3d43c90c1ead1" }, { "title": "Red Hat: Important: kernel security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182791 - Security Advisory" }, { "title": "Red Hat: Important: kernel security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182924 - Security Advisory" }, { "title": "Red Hat: Important: kernel security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183590 - Security Advisory" }, { "title": "Red Hat: Important: kernel security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183540 - Security Advisory" }, { "title": "Red Hat: Important: kernel security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182933 - Security Advisory" }, { "title": "Red Hat: Important: kernel-rt security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183586 - Security Advisory" }, { "title": "Arch Linux Advisories: [ASA-201903-11] linux-hardened: denial of service", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201903-11" }, { "title": "Ubuntu Security Notice: linux-hwe, linux-azure, linux-gcp vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3740-2" }, { "title": "IBM: IBM Security Bulletin: Vulnerability in the Linux kernel affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-5391)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=0e5803196f7b186e3c0e200d43325ad6" }, { "title": "Red Hat: CVE-2018-5391", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2018-5391" }, { "title": "Cisco: Linux Kernel IP Fragment Reassembly Denial of Service Vulnerability Affecting Cisco Products: August 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20180824-linux-ip-fragment" }, { "title": "Ubuntu Security Notice: linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3740-1" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2018-5391" }, { "title": "Ubuntu Security Notice: linux regressions", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3741-3" }, { "title": "Ubuntu Security Notice: linux-lts-xenial, linux-aws vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3741-2" }, { "title": "IBM: IBM Security Bulletin: This Power System update is being released to address CVE-2018-5391", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=c5babfeb02fdf3e145c777d8eb6dfd0f" }, { "title": "Ubuntu Security Notice: linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3741-1" }, { "title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2018-5391)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=cb5671de27781f97454cf1b56d2087e0" }, { "title": "IBM: IBM Security Bulletin: IBM MQ Appliance is affected by a kernel vulnerability (CVE-2018-5391)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=4b24750b4f4494d02c26c4b32a0e107a" }, { "title": "Ubuntu Security Notice: linux-lts-trusty regressions", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3742-3" }, { "title": "Ubuntu Security Notice: linux-lts-trusty vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3742-2" }, { "title": "Ubuntu Security Notice: linux vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3742-1" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=d3eead9065d15844d9f0f319ebc3ef51" }, { "title": "Amazon Linux AMI: ALAS-2018-1058", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2018-1058" }, { "title": "Amazon Linux 2: ALAS2-2018-1058", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2018-1058" }, { "title": "Palo Alto Networks Security Advisory: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=0944feb15e174ce784cc2c5c40d923ea" }, { "title": "Red Hat: Important: kernel-alt security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20182948 - Security Advisory" }, { "title": "Palo Alto Networks Security Advisory: CVE-2018-5391 Information about FragmentSmack findings", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=palo_alto_networks_security_advisory\u0026qid=3c616fb9e55ec6924cfd6ba2622c6c7e" }, { "title": "Red Hat: Important: kernel security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183083 - Security Advisory" }, { "title": "Red Hat: Important: kernel-rt security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20183096 - Security Advisory" }, { "title": "Symantec Security Advisories: Linux Kernel Aug 2017 - Sep 2018 Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=b3193a96468975c04eb9f136ca9abec4" }, { "title": "IBM: IBM Security Bulletin: IBM Security Guardium is affected by Red Hat kernel vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=75b9d198a73a91d81765c8b428423224" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=204a1aa9ebf7b5f47151e8b011269862" }, { "title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - July 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=05b5bbd6fb289370b459faf1f4e3919d" }, { "title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=9cb9a8ed428c6faca615e91d2f1a216d" }, { "title": "IBM: IBM Security Bulletin: Multiple Security Vulnerabilities have been fixed in IBM Security Privileged Identity Manager Appliance.", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=f5bb2b180c7c77e5a02747a1f31830d9" }, { "title": "IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal\u2019s dependencies \u2013 Cumulative list from June 28, 2018 to December 13, 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=43da2cd72c1e378d8d94ecec029fcc61" }, { "title": "my_ref", "trust": 0.1, "url": "https://github.com/chetanshirke/my_ref " }, { "title": "", "trust": 0.1, "url": "https://github.com/ozipoetra/natvps-dns " }, { "title": "cve_diff_checker", "trust": 0.1, "url": "https://github.com/lcatro/cve_diff_checker " }, { "title": "SamsungReleaseNotes", "trust": 0.1, "url": "https://github.com/samreleasenotes/SamsungReleaseNotes " }, { "title": "BleepingComputer", "trust": 0.1, "url": "https://www.bleepingcomputer.com/news/security/windows-systems-vulnerable-to-fragmentsmack-90s-like-dos-bug/" }, { "title": "BleepingComputer", "trust": 0.1, "url": "https://www.bleepingcomputer.com/news/linux/two-ddos-friendly-bugs-fixed-in-linux-kernel/" }, { "title": "BleepingComputer", "trust": 0.1, "url": "https://www.bleepingcomputer.com/news/security/over-80-cisco-products-affected-by-fragmentsmack-dos-bug/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-5391" }, { "db": "JVNDB", "id": "JVNDB-2018-006630" }, { "db": "CNNVD", "id": "CNNVD-201808-570" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.8 }, { "problemtype": "CWE-20", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-135422" }, { "db": "JVNDB", "id": "JVNDB-2018-006630" }, { "db": "NVD", "id": "CVE-2018-5391" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "http://www.securityfocus.com/bid/105108" }, { "trust": 3.0, "url": "https://www.kb.cert.org/vuls/id/641765" }, { "trust": 2.4, "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html" }, { "trust": 2.1, "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f" }, { "trust": 2.1, "url": "https://usn.ubuntu.com/3740-1/" }, { "trust": 2.1, "url": "https://usn.ubuntu.com/3740-2/" }, { "trust": 2.1, "url": "https://usn.ubuntu.com/3741-1/" }, { "trust": 2.1, "url": "https://usn.ubuntu.com/3741-2/" }, { "trust": 2.1, "url": "https://usn.ubuntu.com/3742-1/" }, { "trust": 2.1, "url": "https://usn.ubuntu.com/3742-2/" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2018:2785" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2018:2846" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2018:2933" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2018:3083" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2018:3096" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2018:3590" }, { "trust": 1.8, "url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2018-004.txt" }, { "trust": 1.8, "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20181003-0002/" }, { "trust": 1.8, "url": "https://www.debian.org/security/2018/dsa-4272" }, { "trust": 1.8, "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html" }, { "trust": 1.8, "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { "trust": 1.8, "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { "trust": 1.8, "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:2791" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:2924" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:2925" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:2948" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3459" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3540" }, { "trust": 1.8, "url": "https://access.redhat.com/errata/rhsa-2018:3586" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1041476" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1041637" }, { "trust": 1.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5391" }, { "trust": 1.1, "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/5782-security-advisory-37" }, { "trust": 1.1, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv180022" }, { "trust": 1.1, "url": "https://support.f5.com/csp/article/k74374841?utm_source=f5support\u0026amp%3butm_medium=rss" }, { "trust": 0.9, "url": "https://access.redhat.com/security/cve/cve-2018-5391" }, { "trust": 0.8, "url": "about vulnerability notes" }, { "trust": 0.8, "url": "contact us about this vulnerability" }, { "trust": 0.8, "url": "provide a vendor statement" }, { "trust": 0.8, "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=\u0026solutionid=sk134253" }, { "trust": 0.8, "url": "https://security-tracker.debian.org/tracker/cve-2018-5391" }, { "trust": 0.8, "url": "https://access.redhat.com/articles/3553061https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-5391" }, { "trust": 0.8, "url": "https://www.suse.com/security/cve/cve-2018-5391" }, { "trust": 0.8, "url": "https://people.canonical.com/" }, { "trust": 0.8, "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-690" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5391" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93630542/" }, { "trust": 0.6, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.6, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.6, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.6, "url": "https://support.f5.com/csp/article/k74374841?utm_source=f5support\u0026utm_medium=rss" }, { "trust": 0.6, "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190541-1.html" }, { "trust": 0.6, "url": "https://security.business.xerox.com/wp-content/uploads/2019/11/cert_security_mini_bulletin_xrx19ak_for_altalinkb80xx-c80xx.pdf" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss?uid=ibm10872368" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1315/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/75930" }, { "trust": 0.6, "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190123-01-linux-cn" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/76246" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss?uid=ibm10792535" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/76474" }, { "trust": 0.6, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180824-linux-ip-fragment" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-105-05" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/77246" }, { "trust": 0.6, "url": "https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20200115-01-linux-cn" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-20-105-05" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5390" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18344" }, { "trust": 0.4, "url": "https://access.redhat.com/articles/3553061" }, { "trust": 0.4, "url": "https://wiki.ubuntu.com/securityteam/knowledgebase/l1tf" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3646" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3620" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1609664" }, { "trust": 0.3, "url": "http://www.kernel.org/" }, { "trust": 0.3, "url": "https://securityadvisories.paloaltonetworks.com/home/detail/131" }, { "trust": 0.3, "url": "https://www.oracle.com/technetwork/topics/security/linuxbulletinoct2018-5142979.html" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2017-18344" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-14634" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14634" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10675" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2018-10675" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-13405" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-7740" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5803" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2017-18232" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5344" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-1094" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18208" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-10940" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-17805" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-10881" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-1092" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-1120" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13405" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18232" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000026" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1094" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-7757" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10940" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-0861" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1118" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1130" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2017-10661" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2017-17805" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-10879" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-10902" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2015-8830" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-10883" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-7740" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-5848" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-10322" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-4913" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10883" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-1118" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-5803" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10878" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10879" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10902" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-1000026" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2017-0861" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-8781" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-8830" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10322" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10881" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1092" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-5848" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4913" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2017-18208" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-1130" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-10661" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1120" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-10878" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-5344" }, { "trust": 0.2, "url": "https://usn.ubuntu.com/usn/usn-3741-1" }, { "trust": 0.2, "url": "https://access.redhat.com/security/vulnerabilities/mutagen-astronomy" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-5390" }, { "trust": 0.1, "url": "https://support.f5.com/csp/article/k74374841?utm_source=f5support\u0026amp;amp;utm_medium=rss" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://github.com/chetanshirke/my_ref" }, { "trust": 0.1, "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=58766" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index.html" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux/4.4.0-133.159" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1094.102" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1098.103" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1065.75" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1031.37" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/3635371" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3742-2" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3742-3" }, { "trust": 0.1, "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787258" }, { "trust": 0.1, "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1787127" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1027.30" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-lts-xenial/4.4.0-133.159~14.04.1" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3741-2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1017.18~16.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-32.35~16.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1021.21~16.04.1" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3740-2" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3740-1" } ], "sources": [ { "db": "CERT/CC", "id": "VU#641765" }, { "db": "VULHUB", "id": "VHN-135422" }, { "db": "VULMON", "id": "CVE-2018-5391" }, { "db": "BID", "id": "105108" }, { "db": "JVNDB", "id": "JVNDB-2018-006630" }, { "db": "PACKETSTORM", "id": "150068" }, { "db": "PACKETSTORM", "id": "150057" }, { "db": "PACKETSTORM", "id": "148914" }, { "db": "PACKETSTORM", "id": "149726" }, { "db": "PACKETSTORM", "id": "149024" }, { "db": "PACKETSTORM", "id": "150315" }, { "db": "PACKETSTORM", "id": "149830" }, { "db": "PACKETSTORM", "id": "148916" }, { "db": "PACKETSTORM", "id": "148913" }, { "db": "PACKETSTORM", "id": "149546" }, { "db": "CNNVD", "id": "CNNVD-201808-570" }, { "db": "NVD", "id": "CVE-2018-5391" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#641765" }, { "db": "VULHUB", "id": "VHN-135422" }, { "db": "VULMON", "id": "CVE-2018-5391" }, { "db": "BID", "id": "105108" }, { "db": "JVNDB", "id": "JVNDB-2018-006630" }, { "db": "PACKETSTORM", "id": "150068" }, { "db": "PACKETSTORM", "id": "150057" }, { "db": "PACKETSTORM", "id": "148914" }, { "db": "PACKETSTORM", "id": "149726" }, { "db": "PACKETSTORM", "id": "149024" }, { "db": "PACKETSTORM", "id": "150315" }, { "db": "PACKETSTORM", "id": "149830" }, { "db": "PACKETSTORM", "id": "148916" }, { "db": "PACKETSTORM", "id": "148913" }, { "db": "PACKETSTORM", "id": "149546" }, { "db": "CNNVD", "id": "CNNVD-201808-570" }, { "db": "NVD", "id": "CVE-2018-5391" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-08-14T00:00:00", "db": "CERT/CC", "id": "VU#641765" }, { "date": "2018-09-06T00:00:00", "db": "VULHUB", "id": "VHN-135422" }, { "date": "2018-09-06T00:00:00", "db": "VULMON", "id": "CVE-2018-5391" }, { "date": "2018-08-14T00:00:00", "db": "BID", "id": "105108" }, { "date": "2018-08-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-006630" }, { "date": "2018-10-31T01:11:41", "db": "PACKETSTORM", "id": "150068" }, { "date": "2018-10-31T01:00:50", "db": "PACKETSTORM", "id": "150057" }, { "date": "2018-08-15T04:42:46", "db": "PACKETSTORM", "id": "148914" }, { "date": "2018-10-09T17:02:09", "db": "PACKETSTORM", "id": "149726" }, { "date": "2018-08-21T20:20:00", "db": "PACKETSTORM", "id": "149024" }, { "date": "2018-11-14T01:33:23", "db": "PACKETSTORM", "id": "150315" }, { "date": "2018-10-17T15:42:07", "db": "PACKETSTORM", "id": "149830" }, { "date": "2018-08-15T04:42:57", "db": "PACKETSTORM", "id": "148916" }, { "date": "2018-08-15T04:42:40", "db": "PACKETSTORM", "id": "148913" }, { "date": "2018-09-25T23:02:55", "db": "PACKETSTORM", "id": "149546" }, { "date": "2018-08-20T00:00:00", "db": "CNNVD", "id": "CNNVD-201808-570" }, { "date": "2018-09-06T21:29:00.363000", "db": "NVD", "id": "CVE-2018-5391" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-12T00:00:00", "db": "CERT/CC", "id": "VU#641765" }, { "date": "2022-12-28T00:00:00", "db": "VULHUB", "id": "VHN-135422" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2018-5391" }, { "date": "2019-02-15T14:00:00", "db": "BID", "id": "105108" }, { "date": "2019-07-26T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-006630" }, { "date": "2022-12-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201808-570" }, { "date": "2024-11-21T04:08:43.897000", "db": "NVD", "id": "CVE-2018-5391" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201808-570" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Linux kernel IP fragment re-assembly vulnerable to denial of service", "sources": [ { "db": "CERT/CC", "id": "VU#641765" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201808-570" } ], "trust": 0.6 } }
var-201904-0174
Vulnerability from variot
The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device.
The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. Multiple Siemens products contain input validation vulnerabilities.Service operation interruption (DoS) There is a possibility of being put into a state. SiemensCP, SIAMTIC, SIMOCODE, SINAMICS, SITOP and TIM are all devices manufactured by Siemens. Multiple Siemens products are prone to an unspecified denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. A vulnerability has been identified in CP1604, CP1616, SIMATIC CP343-1 Advanced, SIMATIC CP443-1, SIMATIC CP443-1 Advanced, SIMATIC CP443-1 OPC UA, SIMATIC ET 200 SP Open Controller CPU 1515SP PC, SIMATIC ET 200 SP Open Controller CPU 1515SP PC2, SIMATIC HMI Comfort Outdoor Panels 7" & 15", SIMATIC HMI Comfort Panels 4" - 22", SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F, SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600R, SIMATIC S7-1500 CPU family, SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family, SIMATIC S7-400 PN (incl. F) V6 and below, SIMATIC S7-400 PN/DP V7 (incl. F), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP, SIMOCODE pro V PN, SINAMICS G130 V4.6 (Control Unit), SINAMICS G130 V4.7 (Control Unit), SINAMICS G130 V4.7 SP1 (Control Unit), SINAMICS G130 V4.8 (Control Unit), SINAMICS G130 V5.1 (Control Unit), SINAMICS G130 V5.1 SP1 (Control Unit), SINAMICS G150 V4.6 (Control Unit), SINAMICS G150 V4.7 (Control Unit), SINAMICS G150 V4.7 SP1 (Control Unit), SINAMICS G150 V4.8 (Control Unit), SINAMICS G150 V5.1 (Control Unit), SINAMICS G150 V5.1 SP1 (Control Unit), SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 (Control Unit), SINAMICS S120 V4.7 (Control Unit), SINAMICS S120 V4.7 SP1 (Control Unit), SINAMICS S120 V4.8 (Control Unit), SINAMICS S120 V5.1 (Control Unit), SINAMICS S120 V5.1 SP1 (Control Unit), SINAMICS S150 V4.6 (Control Unit), SINAMICS S150 V4.7 (Control Unit), SINAMICS S150 V4.7 SP1 (Control Unit), SINAMICS S150 V4.8 (Control Unit), SINAMICS S150 V5.1 (Control Unit), SINAMICS S150 V5.1 SP1 (Control Unit), SINAMICS S210 V5.1 (Control Unit), SINAMICS S210 V5.1 SP1 (Control Unit), SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600, TIM 1531 IRC. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens SIMATIC S7-1500 CPU, etc. are all products of German Siemens (Siemens). SIMATIC S7-1500 CPU is a CPU (central processing unit) module. CP1616 is a communications processor. SIMATIC S7-1500 is a programmable logic controller. The vulnerability stems from the failure of the network system or product to properly validate the input data
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0174", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "sinamics s210", "scope": "eq", "trust": 1.3, "vendor": "siemens", "version": "5.1" }, { "model": "sinamics s150", "scope": "eq", "trust": 1.3, "vendor": "siemens", "version": "5.1" }, { "model": "simatic hmi comfort outdoor panels", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic hmi ktp mobile panels ktp900f", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic hmi ktp mobile panels ktp700f", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "sinamics sm120", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "simatic s7-plcsim advanced", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "simatic ipc diagmonitor", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.1.3" }, { "model": "simatic s7-1500s", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.6.1" }, { "model": "sinamics gh150", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "simatic hmi ktp mobile panels ktp900", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic wincc runtime advanced", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "sinamics gl150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "simatic s7-400 pn", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simocode pro v pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1.3" }, { "model": "sinamics gm150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "simatic hmi ktp mobile panels ktp700", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic s7-1500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.6.1" }, { "model": "simatic cp443-1 advanced", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinamics sl150", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "sitop manager", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1" }, { "model": "sinamics sm120", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "simatic hmi comfort panels", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic hmi ktp mobile panels ktp400f", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic et 200 sp open controller cpu 1515sp pc2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.7" }, { "model": "sinamics g130", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2" }, { "model": "cp1604", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic winac rtx", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2010" }, { "model": "sinamics s120", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2" }, { "model": "sitop psu8600", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.5" }, { "model": "simatic hmi ktp mobile panels ktp700f", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic cp443-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simocode pro v eip", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1.3" }, { "model": "simatic s7-plcsim advanced", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "simatic s7-400 pn\\/dp", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sitop ups1600", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3" }, { "model": "simatic s7-1500 software controller", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.7" }, { "model": "sinamics sm150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.1" }, { "model": "simatic rf182c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic rf600r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2.1" }, { "model": "cp1616", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic teleservice adapter ie standard", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic rf185c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1.0" }, { "model": "simatic rf186c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1.0" }, { "model": "simatic hmi comfort outdoor panels", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic teleservice adapter ie basic", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic hmi ktp mobile panels ktp900f", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "sinamics gm150", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "simatic s7-1500t", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.6.1" }, { "model": "simatic hmi ktp mobile panels ktp700", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic hmi ktp mobile panels ktp900", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic s7-300", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "simatic wincc runtime advanced", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "sinamics gh150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "simatic rf188c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1.0" }, { "model": "simatic hmi ktp mobile panels ktp400f", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "sinamics gl150", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "simatic et 200 sp open controller cpu 1515sp pc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1.6" }, { "model": "sinamics g150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2" }, { "model": "sinamics s150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.1" }, { "model": "simatic winac rtx", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2010" }, { "model": "sinamics sl150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "simatic cp443-1 opc ua", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinamics sm150", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "5.1" }, { "model": "simatic hmi comfort panels", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic rf181-eip", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "tim 1531 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "simatic s7-1500f", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.6.1" }, { "model": "simatic cp343-1 advanced", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinamics s210", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.1" }, { "model": "simatic teleservice adapter ie advanced", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1543sp-1", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 1604", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 1616", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 343-1 advanced", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 443-1 adv", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 443-1", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200 sp open controller cpu 1515sp pc", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200 sp open controller cpu 1515sp pc2", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic hmi comfort outdoor panels", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic hmi comfort panels", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic rf185c", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": null, "scope": "eq", "trust": 0.6, "vendor": "sinamics s150", "version": "5.1" }, { "model": "simatic winac rtx sp2 all", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "2010" }, { "model": "simatic s7-300 cpu family all", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic s7-400 pn/dp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v7" }, { "model": "simatic s7-1500 software controller", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinamics s120", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinamics g130 and g150", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic rf182c", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic wincc runtime advanced", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp443-1 opc ua", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic ipc diagmonitor", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic rf188c", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic rf600r", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "cp1604", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "cp1616", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic et sp open controller cpu 1515sp pc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "200\u003cv2.1.6" }, { "model": "simatic hmi comfort panels 4\" 22\"", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic hmi ktp mobile panels", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500 cpu family", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic s7-400 pn", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v6" }, { "model": "sinamics s150", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinamics s210", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v5.1" }, { "model": "sinamics s210 sp1", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v5.1" }, { "model": "tim irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1531" }, { "model": "simatic hmi comfort outdoor panels 7\" \u0026 15\"", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic rf181-eip", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic rf186c", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic s7-plcsim advanced", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic teleservice adapter ie advanced", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic teleservice adapter ie basic", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic teleservice adapter ie standard", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simocode pro eip", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v" }, { "model": "simocode pro pn", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "v" }, { "model": "sitop manager", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sitop psu8600", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sitop ups1600", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "siamtic rf185c", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp343-1 advanced", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp443-1", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp443-1 advanced", "scope": null, "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic et sp open controller cpu 1515sp pc2", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "200" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "sinamics s210", "version": "5.1" }, { "model": "tim irc", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "15310" }, { "model": "sitop ups1600", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sitop psu8600", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sitop manager", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sinamics s210 sp1", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "5.1" }, { "model": "sinamics s150 sp1", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "5.1" }, { "model": "sinamics s150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics s150 sp1", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics s150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics s150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.6" }, { "model": "sinamics s120 sp1", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "5.1" }, { "model": "sinamics s120", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "5.1" }, { "model": "sinamics s120", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics s120 sp1", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics s120", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics s120", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.6" }, { "model": "sinamics g150 sp1", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "5.1" }, { "model": "sinamics g150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "5.1" }, { "model": "sinamics g150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics g150 sp1", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics g150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics g150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.6" }, { "model": "sinamics g130 sp1", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "5.1" }, { "model": "sinamics g130", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "5.1" }, { "model": "sinamics g130", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics g130 sp1", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics g130", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics g130", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.6" }, { "model": "simocode pro pn", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "v0" }, { "model": "simocode pro eip", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "v0" }, { "model": "simatic wincc runtime advanced", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic winac rtx", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "20100" }, { "model": "simatic teleservice adapter ie standard", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic teleservice adapter ie basic", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic teleservice adapter ie advanced", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic s7-plcsim advanced", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic s7-400 pn/dp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "7" }, { "model": "simatic s7-400 pn", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "v60" }, { "model": "simatic s7-300 cpu", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic s7-1500 software controller", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic s7-1500 cpu", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic rf600r", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic rf188c", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic rf186c", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic rf185c", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic rf182c", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic ipc diagmonitor", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic hmi ktp900f mobile", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic hmi ktp900 mobile", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic hmi ktp700f mobile", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic hmi ktp700 mobile", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic hmi ktp400f mobile", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic hmi ktp mobile panels", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic hmi comfort panels", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic hmi comfort outdoor panels", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic et200 open controller cpu 1515sp pc2", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic et200 open controller cpu 1515sp pc", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic cp opc ua", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "443-10" }, { "model": "simatic cp advanced", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "443-10" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "443-10" }, { "model": "simatic cp advanced", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "343-10" }, { "model": "rfid 181-eip", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "16160" }, { "model": "cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "16040" }, { "model": "sinamics s150 sp1 hf4", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "5.1" }, { "model": "sinamics s150 hf6", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics s120 sp1 hf4", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "5.1" }, { "model": "sinamics s120 hf6", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics g150 sp1 hf4", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "5.1" }, { "model": "sinamics g150 hf6", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics g130 sp1 hf4", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "5.1" }, { "model": "sinamics g130 hf6", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "simatic s7-300 cpu", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "v3.x.16" }, { "model": "simatic et200 open controller cpu 1515sp pc", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "2.1.6" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "cp1604", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic hmi comfort panels", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic hmi ktp mobile panels ktp400f", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic hmi ktp mobile panels ktp700", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic hmi ktp mobile panels ktp700f", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic hmi ktp mobile panels ktp900", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic hmi ktp mobile panels ktp900f", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp443 1 opc ua", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic ipc diagmonitor", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1500 controller", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 plcsim advanced", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic wincc runtime advanced", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sitop manager", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic rf600r", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic rf188c", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic rf186c", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "cp1616", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic rf182c", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic rf181 eip", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1500", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 400 pn", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 400 pn dp", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic teleservice adapter ie advanced", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic teleservice adapter ie basic", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic teleservice adapter ie standard", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic winac rtx 2010", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic rf185c", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simocode pro v eip", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simocode pro v pn", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g130", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g150", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics s120", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics s150", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics s210", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sitop psu8600", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sitop ups1600", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "tim 1531 irc", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp343 1 advanced", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1500f", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1500s", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1500t", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp443 1", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp443 1 advanced", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200 sp open controller cpu 1515sp pc", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200 sp open controller cpu 1515sp pc2", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic hmi comfort outdoor panels", "version": "*" } ], "sources": [ { "db": "IVD", "id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12" }, { "db": "CNVD", "id": "CNVD-2019-12904" }, { "db": "BID", "id": "107842" }, { "db": "JVNDB", "id": "JVNDB-2019-003541" }, { "db": "NVD", "id": "CVE-2019-6568" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:siemens:simatic_cp_1604_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:simatic_cp_1616_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:simatic_cp343-1_advanced_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_adv_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:simatic_cp_443-1_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:simatic_et_200_sp_open_controller_cpu_1515sp_pc2_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:simatic_hmi_comfort_outdoor_panels_firmware", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:simatic_hmi_comfort_panels", "vulnerable": true }, { "cpe22Uri": "cpe:/o:siemens:simatic_rf185c_firmware", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003541" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported this vulnerability to NCCIC.", "sources": [ { "db": "CNNVD", "id": "CNNVD-201904-458" } ], "trust": 0.6 }, "cve": "CVE-2019-6568", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2019-6568", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2019-12904", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-158003", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2019-6568", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2019-6568", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-6568", "trust": 1.0, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2019-6568", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2019-6568", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2019-12904", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201904-458", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-158003", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12" }, { "db": "CNVD", "id": "CNVD-2019-12904" }, { "db": "VULHUB", "id": "VHN-158003" }, { "db": "JVNDB", "id": "JVNDB-2019-003541" }, { "db": "CNNVD", "id": "CNNVD-201904-458" }, { "db": "NVD", "id": "CVE-2019-6568" }, { "db": "NVD", "id": "CVE-2019-6568" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The webserver of the affected devices contains a vulnerability that may lead to\r\na denial of service condition. An attacker may cause a denial of service\r\nsituation which leads to a restart of the webserver of the affected device. \r\n\r\nThe security vulnerability could be exploited by an attacker with network\r\naccess to the affected systems. Successful exploitation requires no system\r\nprivileges and no user interaction. An attacker could use the vulnerability\r\nto compromise availability of the device. Multiple Siemens products contain input validation vulnerabilities.Service operation interruption (DoS) There is a possibility of being put into a state. SiemensCP, SIAMTIC, SIMOCODE, SINAMICS, SITOP and TIM are all devices manufactured by Siemens. Multiple Siemens products are prone to an unspecified denial-of-service vulnerability. \nAttackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. A vulnerability has been identified in CP1604, CP1616, SIMATIC CP343-1 Advanced, SIMATIC CP443-1, SIMATIC CP443-1 Advanced, SIMATIC CP443-1 OPC UA, SIMATIC ET 200 SP Open Controller CPU 1515SP PC, SIMATIC ET 200 SP Open Controller CPU 1515SP PC2, SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\", SIMATIC HMI Comfort Panels 4\" - 22\", SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F, SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600R, SIMATIC S7-1500 CPU family, SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family, SIMATIC S7-400 PN (incl. F) V6 and below, SIMATIC S7-400 PN/DP V7 (incl. F), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP, SIMOCODE pro V PN, SINAMICS G130 V4.6 (Control Unit), SINAMICS G130 V4.7 (Control Unit), SINAMICS G130 V4.7 SP1 (Control Unit), SINAMICS G130 V4.8 (Control Unit), SINAMICS G130 V5.1 (Control Unit), SINAMICS G130 V5.1 SP1 (Control Unit), SINAMICS G150 V4.6 (Control Unit), SINAMICS G150 V4.7 (Control Unit), SINAMICS G150 V4.7 SP1 (Control Unit), SINAMICS G150 V4.8 (Control Unit), SINAMICS G150 V5.1 (Control Unit), SINAMICS G150 V5.1 SP1 (Control Unit), SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 (Control Unit), SINAMICS S120 V4.7 (Control Unit), SINAMICS S120 V4.7 SP1 (Control Unit), SINAMICS S120 V4.8 (Control Unit), SINAMICS S120 V5.1 (Control Unit), SINAMICS S120 V5.1 SP1 (Control Unit), SINAMICS S150 V4.6 (Control Unit), SINAMICS S150 V4.7 (Control Unit), SINAMICS S150 V4.7 SP1 (Control Unit), SINAMICS S150 V4.8 (Control Unit), SINAMICS S150 V5.1 (Control Unit), SINAMICS S150 V5.1 SP1 (Control Unit), SINAMICS S210 V5.1 (Control Unit), SINAMICS S210 V5.1 SP1 (Control Unit), SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600, TIM 1531 IRC. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens SIMATIC S7-1500 CPU, etc. are all products of German Siemens (Siemens). SIMATIC S7-1500 CPU is a CPU (central processing unit) module. CP1616 is a communications processor. SIMATIC S7-1500 is a programmable logic controller. The vulnerability stems from the failure of the network system or product to properly validate the input data", "sources": [ { "db": "NVD", "id": "CVE-2019-6568" }, { "db": "JVNDB", "id": "JVNDB-2019-003541" }, { "db": "CNVD", "id": "CNVD-2019-12904" }, { "db": "BID", "id": "107842" }, { "db": "IVD", "id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12" }, { "db": "VULHUB", "id": "VHN-158003" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-6568", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-19-099-06", "trust": 2.3 }, { "db": "SIEMENS", "id": "SSA-480230", "trust": 2.0 }, { "db": "SIEMENS", "id": "SSA-530931", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-19-227-04", "trust": 1.4 }, { "db": "BID", "id": "107842", "trust": 1.0 }, { "db": "CNNVD", "id": "CNNVD-201904-458", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2019-12904", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2019-003541", "trust": 0.8 }, { "db": "AUSCERT", "id": "ESB-2019.3150", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.1204.2", "trust": 0.6 }, { "db": "IVD", "id": "A397CC8B-EE17-4FAF-8447-E9EE5F57DD12", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-158003", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12" }, { "db": "CNVD", "id": "CNVD-2019-12904" }, { "db": "VULHUB", "id": "VHN-158003" }, { "db": "BID", "id": "107842" }, { "db": "JVNDB", "id": "JVNDB-2019-003541" }, { "db": "CNNVD", "id": "CNNVD-201904-458" }, { "db": "NVD", "id": "CVE-2019-6568" } ] }, "id": "VAR-201904-0174", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12" }, { "db": "CNVD", "id": "CNVD-2019-12904" }, { "db": "VULHUB", "id": "VHN-158003" } ], "trust": 1.5998432480392157 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS", "Network device" ], "sub_category": null, "trust": 0.6 }, { "category": [ "ICS" ], "sub_category": null, "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12" }, { "db": "CNVD", "id": "CNVD-2019-12904" } ] }, "last_update_date": "2024-11-23T22:25:58.024000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-480230", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf" }, { "title": "SSA-530931", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf" }, { "title": "Patches for multiple Siemens product denial of service vulnerabilities", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/160237" }, { "title": "Multiple Siemens Product security vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=91286" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-12904" }, { "db": "JVNDB", "id": "JVNDB-2019-003541" }, { "db": "CNNVD", "id": "CNNVD-201904-458" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.1 }, { "problemtype": "CWE-20", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-158003" }, { "db": "JVNDB", "id": "JVNDB-2019-003541" }, { "db": "NVD", "id": "CVE-2019-6568" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-19-099-06" }, { "trust": 2.0, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf" }, { "trust": 1.4, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-227-04" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6568" }, { "trust": 0.9, "url": "http://subscriber.communications.siemens.com/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6568" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.3150/" }, { "trust": 0.6, "url": "https://www.us-cert.gov/ics/advisories/icsa-19-099-06" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-19-099-06" }, { "trust": 0.6, "url": "https://www.securityfocus.com/bid/107842" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/siemens-simatic-denial-of-service-via-webserver-28976" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/78710" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2019-12904" }, { "db": "VULHUB", "id": "VHN-158003" }, { "db": "BID", "id": "107842" }, { "db": "JVNDB", "id": "JVNDB-2019-003541" }, { "db": "CNNVD", "id": "CNNVD-201904-458" }, { "db": "NVD", "id": "CVE-2019-6568" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12" }, { "db": "CNVD", "id": "CNVD-2019-12904" }, { "db": "VULHUB", "id": "VHN-158003" }, { "db": "BID", "id": "107842" }, { "db": "JVNDB", "id": "JVNDB-2019-003541" }, { "db": "CNNVD", "id": "CNNVD-201904-458" }, { "db": "NVD", "id": "CVE-2019-6568" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-05-05T00:00:00", "db": "IVD", "id": "a397cc8b-ee17-4faf-8447-e9ee5f57dd12" }, { "date": "2019-05-05T00:00:00", "db": "CNVD", "id": "CNVD-2019-12904" }, { "date": "2019-04-17T00:00:00", "db": "VULHUB", "id": "VHN-158003" }, { "date": "2019-04-09T00:00:00", "db": "BID", "id": "107842" }, { "date": "2019-05-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003541" }, { "date": "2019-04-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201904-458" }, { "date": "2019-04-17T14:29:03.683000", "db": "NVD", "id": "CVE-2019-6568" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-05-07T00:00:00", "db": "CNVD", "id": "CNVD-2019-12904" }, { "date": "2023-01-10T00:00:00", "db": "VULHUB", "id": "VHN-158003" }, { "date": "2019-04-09T00:00:00", "db": "BID", "id": "107842" }, { "date": "2019-08-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2019-003541" }, { "date": "2023-04-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201904-458" }, { "date": "2024-11-21T04:46:42.773000", "db": "NVD", "id": "CVE-2019-6568" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201904-458" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vulnerability related to input validation in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2019-003541" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201904-458" } ], "trust": 0.6 } }
var-202106-1490
Vulnerability from variot
A vulnerability has been identified in SIMATIC RF166C (All versions > V1.1 and < V1.3.2), SIMATIC RF185C (All versions > V1.1 and < V1.3.2), SIMATIC RF186C (All versions > V1.1 and < V1.3.2), SIMATIC RF186CI (All versions > V1.1 and < V1.3.2), SIMATIC RF188C (All versions > V1.1 and < V1.3.2), SIMATIC RF188CI (All versions > V1.1 and < V1.3.2), SIMATIC RF360R (All versions < V2.0), SIMATIC Reader RF610R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF610R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF610R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF615R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF615R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF615R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF650R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF650R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF650R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF680R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF680R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF680R FCC (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ARIB (All versions > V3.0 < V4.0), SIMATIC Reader RF685R CMIIT (All versions > V3.0 < V4.0), SIMATIC Reader RF685R ETSI (All versions > V3.0 < V4.0), SIMATIC Reader RF685R FCC (All versions > V3.0 < V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation. plural SIMATIC The product contains a resource depletion vulnerability.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202106-1490", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic reader rf610r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.0" }, { "model": "simatic reader rf685r etsi", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic reader rf615r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.0" }, { "model": "simatic reader rf650r cmiit", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic reader rf650r fcc", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic reader rf685r cmiit", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic rf188ci", "scope": "gt", "trust": 1.0, "vendor": "siemens", "version": "1.1" }, { "model": "simatic reader rf680r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.0" }, { "model": "simatic reader rf610r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.0" }, { "model": "simatic reader rf680r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.0" }, { "model": "simatic reader rf680r arib", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.0" }, { "model": "simatic rf186c", "scope": "gt", "trust": 1.0, "vendor": "siemens", "version": "1.1" }, { "model": "simatic rf360r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "simatic reader rf615r cmiit", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic reader rf615r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.0" }, { "model": "simatic reader rf685r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.0" }, { "model": "simatic reader rf685r arib", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.0" }, { "model": "simatic rf166c", "scope": "gt", "trust": 1.0, "vendor": "siemens", "version": "1.1" }, { "model": "simatic rf186ci", "scope": "gt", "trust": 1.0, "vendor": "siemens", "version": "1.1" }, { "model": "simatic reader rf680r etsi", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic reader rf650r etsi", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic reader rf610r etsi", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic rf185c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.3.2" }, { "model": "simatic reader rf650r arib", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic rf188c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.3.2" }, { "model": "simatic reader rf650r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.0" }, { "model": "simatic reader rf685r fcc", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic reader rf650r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.0" }, { "model": "simatic reader rf610r fcc", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic rf188ci", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.3.2" }, { "model": "simatic reader rf615r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.0" }, { "model": "simatic reader rf615r etsi", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic reader rf685r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.0" }, { "model": "simatic reader rf650r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.0" }, { "model": "simatic reader rf610r cmiit", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic reader rf680r arib", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic reader rf680r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.0" }, { "model": "simatic rf186ci", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.3.2" }, { "model": "simatic reader rf610r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.0" }, { "model": "simatic rf188c", "scope": "gt", "trust": 1.0, "vendor": "siemens", "version": "1.1" }, { "model": "simatic rf186c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.3.2" }, { "model": "simatic reader rf615r fcc", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic rf185c", "scope": "gt", "trust": 1.0, "vendor": "siemens", "version": "1.1" }, { "model": "simatic reader rf685r arib", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic reader rf650r arib", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.0" }, { "model": "simatic reader rf680r cmiit", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic rf166c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.3.2" }, { "model": "simatic reader rf680r fcc", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic reader rf685r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.0" }, { "model": "simatic rf185c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf360r", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf685r", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf188ci", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf680r", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf186ci", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf188c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf615r", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf186c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf166c", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-008155" }, { "db": "NVD", "id": "CVE-2021-31340" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported this vulnerability to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202106-475" } ], "trust": 0.6 }, "cve": "CVE-2021-31340", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2021-31340", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2021-31340", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-31340", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-31340", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2021-31340", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202106-475", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-31340", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-31340" }, { "db": "JVNDB", "id": "JVNDB-2021-008155" }, { "db": "CNNVD", "id": "CNNVD-202106-475" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2021-31340" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC RF166C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF185C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF186C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF186CI (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF188C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF188CI (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF360R (All versions \u003c V2.0), SIMATIC Reader RF610R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF610R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF610R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R FCC (All versions \u003e V3.0 \u003c V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation. plural SIMATIC The product contains a resource depletion vulnerability.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-31340" }, { "db": "JVNDB", "id": "JVNDB-2021-008155" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-31340" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-31340", "trust": 3.3 }, { "db": "SIEMENS", "id": "SSA-787292", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-21-159-13", "trust": 1.5 }, { "db": "JVN", "id": "JVNVU95781418", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-008155", "trust": 0.8 }, { "db": "CS-HELP", "id": "SB2021061004", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202106-475", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-31340", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-31340" }, { "db": "JVNDB", "id": "JVNDB-2021-008155" }, { "db": "CNNVD", "id": "CNNVD-202106-475" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2021-31340" } ] }, "id": "VAR-202106-1490", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.5248015850000001 }, "last_update_date": "2024-08-14T12:50:24.769000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-787292", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf" }, { "title": "Siemens SIMATIC Remediation of resource management error vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154812" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=4afce23c1d098bd5a98b3faa63307634" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-31340" }, { "db": "JVNDB", "id": "JVNDB-2021-008155" }, { "db": "CNNVD", "id": "CNNVD-202106-475" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.0 }, { "problemtype": "Resource exhaustion (CWE-400) [ Other ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-008155" }, { "db": "NVD", "id": "CVE-2021-31340" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf" }, { "trust": 0.9, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-159-13" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu95781418/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31340" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021061004" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/simatic-rfid-readers-overload-via-incoming-connections-35642" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-13" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/400.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-31340" }, { "db": "JVNDB", "id": "JVNDB-2021-008155" }, { "db": "CNNVD", "id": "CNNVD-202106-475" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2021-31340" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2021-31340" }, { "db": "JVNDB", "id": "JVNDB-2021-008155" }, { "db": "CNNVD", "id": "CNNVD-202106-475" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "NVD", "id": "CVE-2021-31340" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-08T00:00:00", "db": "VULMON", "id": "CVE-2021-31340" }, { "date": "2022-03-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-008155" }, { "date": "2021-06-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-475" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-06-08T20:15:08.853000", "db": "NVD", "id": "CVE-2021-31340" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-04-12T00:00:00", "db": "VULMON", "id": "CVE-2021-31340" }, { "date": "2022-03-04T08:56:00", "db": "JVNDB", "id": "JVNDB-2021-008155" }, { "date": "2022-05-23T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-475" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-10-06T17:28:44.817000", "db": "NVD", "id": "CVE-2021-31340" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202106-475" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural \u00a0SIMATIC\u00a0 Resource depletion vulnerability in the product", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-008155" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202106-475" } ], "trust": 0.6 } }
var-202409-0242
Vulnerability from variot
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The service log files of the affected application can be accessed without proper authentication. This could allow an unauthenticated attacker to get access to sensitive information. SIMATIC RF360R firmware, simatic rf1170r firmware, simatic rf1140r Multiple Siemens products, such as firmware, are vulnerable to lack of authentication for critical functions.Information may be obtained. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods, or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. The SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202409-0242", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic rf166c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic reader rf650r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf685r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf685r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf680r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf650r arib", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic rf1170r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1" }, { "model": "simatic reader rf615r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic rf188ci", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic rf1140r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1" }, { "model": "simatic rf188c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic rf186ci", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic rf186c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic rf185c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic reader rf680r arib", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf650r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf610r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf650r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic rf360r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic reader rf615r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf610r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf680r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf685r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf615r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf680r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf610r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf685r arib", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf650r arib", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf650r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf685r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf615r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf610r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf610r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf650r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf1140r", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf1170r", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf360r", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf615r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf680r arib", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf685r arib", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf615r cmiit", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf680r cmiit", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf680r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf685r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf650r cmiit", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf680r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf685r cmiit", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf166c", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf185c", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf186c", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf186ci", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf188c", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf188ci", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic reader rf610r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf610r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf610r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf615r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf615r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf615r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf650r arib", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf650r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf650r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf650r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf680r arib", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf680r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf680r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf680r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf685r arib", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf685r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf685r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf685r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic rf1140r", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v1.1" }, { "model": "simatic rf1170r", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v1.1" }, { "model": "simatic rf360r", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38010" }, { "db": "JVNDB", "id": "JVNDB-2024-008405" }, { "db": "NVD", "id": "CVE-2024-37991" } ] }, "cve": "CVE-2024-37991", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.4, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 4.9, "id": "CNVD-2024-38010", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "id": "CVE-2024-37991", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.6, "id": "CVE-2024-37991", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2024-37991", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2024-37991", "trust": 1.0, "value": "MEDIUM" }, { "author": "productcert@siemens.com", "id": "CVE-2024-37991", "trust": 1.0, "value": "Medium" }, { "author": "NVD", "id": "CVE-2024-37991", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2024-38010", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38010" }, { "db": "JVNDB", "id": "JVNDB-2024-008405" }, { "db": "NVD", "id": "CVE-2024-37991" }, { "db": "NVD", "id": "CVE-2024-37991" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions \u003c V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions \u003c V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions \u003c V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions \u003c V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions \u003c V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions \u003c V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions \u003c V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions \u003c V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions \u003c V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions \u003c V2.2). The service log files of the affected application can be accessed without proper authentication. This could allow an unauthenticated attacker to get access to sensitive information. SIMATIC RF360R firmware, simatic rf1170r firmware, simatic rf1140r Multiple Siemens products, such as firmware, are vulnerable to lack of authentication for critical functions.Information may be obtained. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods, or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. The SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface", "sources": [ { "db": "NVD", "id": "CVE-2024-37991" }, { "db": "JVNDB", "id": "JVNDB-2024-008405" }, { "db": "CNVD", "id": "CNVD-2024-38010" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2024-37991", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-765405", "trust": 2.4 }, { "db": "JVN", "id": "JVNVU90825867", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-24-256-07", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2024-008405", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2024-38010", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38010" }, { "db": "JVNDB", "id": "JVNDB-2024-008405" }, { "db": "NVD", "id": "CVE-2024-37991" } ] }, "id": "VAR-202409-0242", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2024-38010" } ], "trust": 1.07222222 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38010" } ] }, "last_update_date": "2024-09-20T21:26:56.827000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens SIMATIC RFID Readers Information Disclosure Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/590351" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38010" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.0 }, { "problemtype": "CWE-306", "trust": 1.0 }, { "problemtype": "information leak (CWE-200) [ others ]", "trust": 0.8 }, { "problemtype": " Lack of authentication for critical features (CWE-306) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-008405" }, { "db": "NVD", "id": "CVE-2024-37991" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu90825867/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2024-37991" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-07" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38010" }, { "db": "JVNDB", "id": "JVNDB-2024-008405" }, { "db": "NVD", "id": "CVE-2024-37991" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2024-38010" }, { "db": "JVNDB", "id": "JVNDB-2024-008405" }, { "db": "NVD", "id": "CVE-2024-37991" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-09-13T00:00:00", "db": "CNVD", "id": "CNVD-2024-38010" }, { "date": "2024-09-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2024-008405" }, { "date": "2024-09-10T10:15:10.600000", "db": "NVD", "id": "CVE-2024-37991" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-09-12T00:00:00", "db": "CNVD", "id": "CNVD-2024-38010" }, { "date": "2024-09-19T06:57:00", "db": "JVNDB", "id": "JVNDB-2024-008405" }, { "date": "2024-09-18T15:29:44.390000", "db": "NVD", "id": "CVE-2024-37991" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Lack of authentication for critical functions in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-008405" } ], "trust": 0.8 } }
var-202409-0245
Vulnerability from variot
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions < V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions < V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions < V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions < V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions < V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions < V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions < V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions < V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions < V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions < V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions < V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions < V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions < V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions < V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions < V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions < V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions < V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions < V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions < V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions < V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions < V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions < V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions < V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions < V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions < V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions < V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions < V2.2). The affected applications do not authenticated the creation of Ajax2App instances. This could allow an unauthenticated attacker to cause a denial of service condition. SIMATIC RF360R firmware, simatic rf1170r firmware, simatic rf1140r Multiple Siemens products such as firmware have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods, or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface.
Siemens SIMATIC RFID Readers have an improper access control vulnerability, which is caused by the fact that the affected application does not authenticate the creation of the Ajax2App instance
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202409-0245", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic rf166c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic reader rf650r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf685r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf685r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf680r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf650r arib", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic rf1170r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1" }, { "model": "simatic reader rf615r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic rf188ci", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic rf1140r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1" }, { "model": "simatic rf188c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic rf186ci", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic rf186c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic rf185c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic reader rf680r arib", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf650r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf610r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf650r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic rf360r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "simatic reader rf615r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf610r cmiit", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf680r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf685r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf615r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf680r etsi", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf610r fcc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf685r arib", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2" }, { "model": "simatic reader rf650r arib", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf650r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf685r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf615r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf610r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf610r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf650r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf1140r", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf1170r", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf360r", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf615r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf680r arib", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf685r arib", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf615r cmiit", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf680r cmiit", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf680r etsi", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf685r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf650r cmiit", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf680r fcc", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic reader rf685r cmiit", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic rf166c", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf185c", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf186c", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf186ci", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf188c", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic rf188ci", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" }, { "model": "simatic reader rf610r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf610r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf610r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf615r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf615r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf615r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf650r arib", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf650r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf650r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf650r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf680r arib", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf680r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf680r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf680r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf685r arib", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf685r cmiit", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf685r etsi", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic reader rf685r fcc", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v4.2" }, { "model": "simatic rf1140r", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v1.1" }, { "model": "simatic rf1170r", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v1.1" }, { "model": "simatic rf360r", "scope": "lt", "trust": 0.6, "vendor": "siemens", "version": "v2.2" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38008" }, { "db": "JVNDB", "id": "JVNDB-2024-008396" }, { "db": "NVD", "id": "CVE-2024-37993" } ] }, "cve": "CVE-2024-37993", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CNVD-2024-38008", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2024-37993", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "id": "CVE-2024-37993", "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2024-37993", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2024-37993", "trust": 1.0, "value": "HIGH" }, { "author": "productcert@siemens.com", "id": "CVE-2024-37993", "trust": 1.0, "value": "Medium" }, { "author": "NVD", "id": "CVE-2024-37993", "trust": 0.8, "value": "High" }, { "author": "CNVD", "id": "CNVD-2024-38008", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38008" }, { "db": "JVNDB", "id": "JVNDB-2024-008396" }, { "db": "NVD", "id": "CVE-2024-37993" }, { "db": "NVD", "id": "CVE-2024-37993" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions \u003c V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions \u003c V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions \u003c V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions \u003c V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions \u003c V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions \u003c V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions \u003c V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions \u003c V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions \u003c V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions \u003c V2.2). The affected applications do not authenticated the creation of Ajax2App instances. This could allow an unauthenticated attacker to cause a denial of service condition. SIMATIC RF360R firmware, simatic rf1170r firmware, simatic rf1140r Multiple Siemens products such as firmware have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. SIMATIC RF600 Readers are used for contactless identification of various objects, such as transport containers, pallets, production goods, or generally for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and universal electronic authorization management. SIMATIC RF360R reader expands the SIMATIC RFID300 RFID system with a compact reader with an integrated Industrial Ethernet interface. \n\nSiemens SIMATIC RFID Readers have an improper access control vulnerability, which is caused by the fact that the affected application does not authenticate the creation of the Ajax2App instance", "sources": [ { "db": "NVD", "id": "CVE-2024-37993" }, { "db": "JVNDB", "id": "JVNDB-2024-008396" }, { "db": "CNVD", "id": "CNVD-2024-38008" } ], "trust": 2.16 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2024-37993", "trust": 3.2 }, { "db": "SIEMENS", "id": "SSA-765405", "trust": 2.4 }, { "db": "JVN", "id": "JVNVU90825867", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-24-256-07", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2024-008396", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2024-38008", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38008" }, { "db": "JVNDB", "id": "JVNDB-2024-008396" }, { "db": "NVD", "id": "CVE-2024-37993" } ] }, "id": "VAR-202409-0245", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2024-38008" } ], "trust": 1.07222222 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38008" } ] }, "last_update_date": "2024-09-20T21:15:58.505000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens SIMATIC RFID Readers Improper Access Control Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/590361" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38008" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-284", "trust": 1.0 }, { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Inappropriate access control (CWE-284) [ others ]", "trust": 0.8 }, { "problemtype": " Lack of information (CWE-noinfo) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-008396" }, { "db": "NVD", "id": "CVE-2024-37993" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu90825867/" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2024-37993" }, { "trust": 0.8, "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-07" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-38008" }, { "db": "JVNDB", "id": "JVNDB-2024-008396" }, { "db": "NVD", "id": "CVE-2024-37993" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2024-38008" }, { "db": "JVNDB", "id": "JVNDB-2024-008396" }, { "db": "NVD", "id": "CVE-2024-37993" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-09-13T00:00:00", "db": "CNVD", "id": "CNVD-2024-38008" }, { "date": "2024-09-19T00:00:00", "db": "JVNDB", "id": "JVNDB-2024-008396" }, { "date": "2024-09-10T10:15:11.090000", "db": "NVD", "id": "CVE-2024-37993" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-09-12T00:00:00", "db": "CNVD", "id": "CNVD-2024-38008" }, { "date": "2024-09-19T06:46:00", "db": "JVNDB", "id": "JVNDB-2024-008396" }, { "date": "2024-09-18T15:32:26.037000", "db": "NVD", "id": "CVE-2024-37993" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Vulnerabilities in multiple Siemens products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2024-008396" } ], "trust": 0.8 } }
var-202103-1464
Vulnerability from variot
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. Summary:
Openshift Serverless 1.10.2 is now available. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform version 4.5. Solution:
See the documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.5/html/serverless_applications/index
Bug Fix(es):
-
WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)
-
LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952917)
-
Telemetry info not completely available to identify windows nodes (BZ#1955319)
-
WMCO incorrectly shows node as ready after a failed configuration (BZ#1956412)
-
kube-proxy service terminated unexpectedly after recreated LB service (BZ#1963263)
-
Solution:
For Windows Machine Config Operator upgrades, see the following documentation:
https://docs.openshift.com/container-platform/4.7/windows_containers/window s-node-upgrades.html
- Bugs fixed (https://bugzilla.redhat.com/):
1945248 - WMCO patch pub-key-hash annotation to Linux node 1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM 1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath 1955319 - Telemetry info not completely available to identify windows nodes 1956412 - WMCO incorrectly shows node as ready after a failed configuration 1963263 - kube-proxy service terminated unexpectedly after recreated LB service
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.0.10 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
Bug fix:
-
RHACM 2.0.10 images (BZ #1940452)
-
Bugs fixed (https://bugzilla.redhat.com/):
1940452 - RHACM 2.0.10 images 1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function
- ========================================================================== Ubuntu Security Notice USN-4891-1 March 25, 2021
openssl vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
OpenSSL could be made to crash or run programs if it received specially crafted network traffic. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.10: libssl1.1 1.1.1f-1ubuntu4.3
Ubuntu 20.04 LTS: libssl1.1 1.1.1f-1ubuntu2.3
Ubuntu 18.04 LTS: libssl1.1 1.1.1-1ubuntu2.1~18.04.9
After a standard system update you need to reboot your computer to make all the necessary changes. 8) - aarch64, ppc64le, s390x, x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. Package List:
Red Hat Enterprise Linux BaseOS (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 security update Advisory ID: RHSA-2021:1200-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2021:1200 Issue date: 2021-04-14 CVE Names: CVE-2021-3449 CVE-2021-3450 ==================================================================== 1. Summary:
Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 zip release for RHEL 7, RHEL 8 and Microsoft Windows is available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 6 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security fix(es):
-
openssl: NULL pointer deref in signature_algorithms processing (CVE-2021-3449)
-
openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
The References section of this erratum contains a download link for the update. You must be logged in to download the update.
- Bugs fixed (https://bugzilla.redhat.com/):
1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT 1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing
- References:
https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp&downloadType=securityPatches&version=2.4.37
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYHcRztzjgjWX9erEAQi2UA//ZnBZbF6yu43LNZh8SpIsZt25+kmRXpPO 24bitxkguIp8Mbf6aysizioKh10TgUzJAZL/xwzVGaf1YTtGXEiiQZvl+qetQhal CYcQUX9iRTbN3LL5sT0es8qIc9pXnVSh9YCRaa2i3l9KWlPWA2U0R4OfrAmGIjUe VG3tJ92HhtdeEx0VOHC+X6e7bDMoGQboT7cDJsP/xn8abWrBn9pQYfh7Ej/4qwMK 8sm6M7KcMcl2Sxjv0PB5obmZWBILWiTwHrJu6M3D6HBMJ4IdA0+DrDjf5U3NW6xp uYmmkKkw18juBkRyLBFG0Xnm8JUh9t50zRL5XbI5rcv8w+puqcuLuNWD83L+fIFE Z7eDdVaf0TYljefjbiZP/An2vjiOJ6Tm7nO79lrCI/g7Oax+/oK0/ClDpLuwVKtB hz7f5VrK2+q+qDRvXk65Ala9kMHvhkr7s2/64/UMcvqpnTSkzypFORSdj+UBevUb a+2ClrFEeokOXZxvZGQQxvu6do8roy2vrpLgNmxaDf65JZk5R4NlC3J4SbEjwBTT Wg4bnZRXHi+T8OL3fmPTnNsEMOAdH3kwUfgzIbj9o6wFzoZiKYRUk9qQv8jb1G9K x0qnCqtrwqzBBUs+ntXfTguTOba7JYx7aWH6ieBOIb5tapLJw7xOlVWbE1d29BCy CkeZnyNSON8=u60F -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202103-1464", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "graalvm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.3.1.2" }, { "model": "mysql workbench", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.23" }, { "model": "simatic cloud connect 7", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "cloud volumes ontap mediator", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "simatic net cp 1543sp-1", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "simatic pdm", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "9.1.0.7" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.12.1" }, { "model": "essbase", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.2" }, { "model": "sma100", "scope": "gte", "trust": 1.0, "vendor": "sonicwall", "version": "10.2.0.0" }, { "model": "multi-domain management", "scope": "eq", "trust": 1.0, "vendor": "checkpoint", "version": "r80.40" }, { "model": "scalance s627-2m", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "scalance xp-200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "simatic process historian opc ua server", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2019" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "10.0.0" }, { "model": "simatic cp 1242-7 gprs v2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "jd edwards world security", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "a9.4" }, { "model": "scalance xr524-8c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.4" }, { "model": "tenable.sc", "scope": "gte", "trust": 1.0, "vendor": "tenable", "version": "5.13.0" }, { "model": "simatic rf188ci", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic net cp 1243-1", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "simatic rf185c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "snapcenter", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.13.0" }, { "model": "mysql connectors", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.23" }, { "model": "simatic net cp 1543-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "tim 1531 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "secure global desktop", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "5.6" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "10.24.0" }, { "model": "mysql server", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "5.7.33" }, { "model": "scalance xr-300wg", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "sma100", "scope": "lt", "trust": 1.0, "vendor": "sonicwall", "version": "10.2.1.0-17sv" }, { "model": "simatic s7-1200 cpu 1217c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinamics connect 300", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "12.12.0" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.11.1" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.58" }, { "model": "scalance xm-400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.4" }, { "model": "simatic net cp1243-7 lte eu", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "quantum security gateway", "scope": "eq", "trust": 1.0, "vendor": "checkpoint", "version": "r81" }, { "model": "communications communications policy management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.6.0.0.0" }, { "model": "simatic rf360r", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "simatic hmi comfort outdoor panels", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-1200 cpu 1214c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance s615", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "6.2" }, { "model": "mysql server", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.15" }, { "model": "simatic mv500", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-1200 cpu 1212fc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinec pni", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "scalance xf-200ba", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.12.0" }, { "model": "simatic rf188c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic wincc runtime advanced", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "zfs storage appliance kit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.8" }, { "model": "simatic s7-1200 cpu 1211c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "nessus", "scope": "lte", "trust": 1.0, "vendor": "tenable", "version": "8.13.1" }, { "model": "enterprise manager for storage management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "multi-domain management", "scope": "eq", "trust": 1.0, "vendor": "checkpoint", "version": "r81" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.59" }, { "model": "primavera unifier", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.7" }, { "model": "simatic hmi basic panels 2nd generation", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.12" }, { "model": "scalance w700", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "6.5" }, { "model": "e-series performance analyzer", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "scalance xr552-12", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.4" }, { "model": "simatic net cp1243-7 lte us", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "12.0.0" }, { "model": "openssl", "scope": "gte", "trust": 1.0, "vendor": "openssl", "version": "1.1.1" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "34" }, { "model": "graalvm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "19.3.5" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "20.12" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "14.14.0" }, { "model": "tenable.sc", "scope": "lte", "trust": 1.0, "vendor": "tenable", "version": "5.17.0" }, { "model": "web gateway cloud service", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "10.1.1" }, { "model": "openssl", "scope": "lt", "trust": 1.0, "vendor": "openssl", "version": "1.1.1k" }, { "model": "simatic rf166c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "scalance xc-200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "simatic s7-1200 cpu 1215c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "quantum security management", "scope": "eq", "trust": 1.0, "vendor": "checkpoint", "version": "r80.40" }, { "model": "scalance xr526-8c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.4" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "15.14.0" }, { "model": "simatic s7-1500 cpu 1518-4 pn\\/dp mfp", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "web gateway cloud service", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "9.2.10" }, { "model": "tim 1531 irc", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "primavera unifier", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.12" }, { "model": "sinec infrastructure network services", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0.1.1" }, { "model": "graalvm", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.0.0.2" }, { "model": "secure backup", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "18.1.0.1.0" }, { "model": "nessus network monitor", "scope": "eq", "trust": 1.0, "vendor": "tenable", "version": "5.11.0" }, { "model": "storagegrid", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.57" }, { "model": "scalance sc-600", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "simatic pcs 7 telecontrol", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-1200 cpu 1215 fc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "12.22.1" }, { "model": "simatic rf186ci", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "web gateway", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "10.1.1" }, { "model": "simatic net cp 1542sp-1 irc", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "capture client", "scope": "eq", "trust": 1.0, "vendor": "sonicwall", "version": "3.5" }, { "model": "simatic logon", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "1.6.0.2" }, { "model": "simatic wincc telecontrol", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "active iq unified manager", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "sonicos", "scope": "eq", "trust": 1.0, "vendor": "sonicwall", "version": "7.0.1.0" }, { "model": "jd edwards enterpriseone tools", "scope": "lt", "trust": 1.0, "vendor": "oracle", "version": "9.2.6.0" }, { "model": "oncommand insight", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "simatic pcs neo", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance s623", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "scalance lpe9403", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-1200 cpu 1214 fc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "10.13.0" }, { "model": "log correlation engine", "scope": "lt", "trust": 1.0, "vendor": "tenable", "version": "6.0.9" }, { "model": "scalance m-800", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "6.2" }, { "model": "simatic rf186c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "web gateway cloud service", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "8.2.19" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "14.0.0" }, { "model": "primavera unifier", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "21.12" }, { "model": "web gateway", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "9.2.10" }, { "model": "node.js", "scope": "lt", "trust": 1.0, "vendor": "nodejs", "version": "14.16.1" }, { "model": "simatic hmi ktp mobile panels", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinema server", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "14.0" }, { "model": "scalance s612", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "simatic s7-1200 cpu 1212c", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "santricity smi-s provider", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "quantum security management", "scope": "eq", "trust": 1.0, "vendor": "checkpoint", "version": "r81" }, { "model": "scalance xr528-6m", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.4" }, { "model": "tia administrator", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinec nms", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.0" }, { "model": "simatic logon", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.5" }, { "model": "freebsd", "scope": "eq", "trust": 1.0, "vendor": "freebsd", "version": "12.2" }, { "model": "sinumerik opc ua server", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "mysql server", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.23" }, { "model": "ontap select deploy administration utility", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "scalance xb-200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.3" }, { "model": "scalance s602", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "4.1" }, { "model": "ruggedcom rcm1224", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "6.2" }, { "model": "node.js", "scope": "lte", "trust": 1.0, "vendor": "nodejs", "version": "10.12.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "12.13.0" }, { "model": "simatic cp 1242-7 gprs v2", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "web gateway", "scope": "eq", "trust": 1.0, "vendor": "mcafee", "version": "8.2.19" }, { "model": "quantum security gateway", "scope": "eq", "trust": 1.0, "vendor": "checkpoint", "version": "r80.40" }, { "model": "simatic net cp 1545-1", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "1.0" }, { "model": "simatic cloud connect 7", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "1.1" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "15.0.0" }, { "model": "simatic net cp 1243-8 irc", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "scalance w1700", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "node.js", "scope": "gte", "trust": 1.0, "vendor": "nodejs", "version": "14.15.0" }, { "model": "simatic net cp 1543-1", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "2.2" }, { "model": "hitachi ops center analyzer viewpoint", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "storagegrid", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "ontap select deploy administration utility", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "quantum security gateway", "scope": null, "trust": 0.8, "vendor": "\u30c1\u30a7\u30c3\u30af \u30dd\u30a4\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30ba", "version": null }, { "model": "tenable.sc", "scope": null, "trust": 0.8, "vendor": "tenable", "version": null }, { "model": "nessus", "scope": null, "trust": 0.8, "vendor": "tenable", "version": null }, { "model": "oncommand workflow automation", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "freebsd", "scope": null, "trust": 0.8, "vendor": "freebsd", "version": null }, { "model": "hitachi ops center common services", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "santricity smi-s provider", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "mcafee web gateway \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2", "scope": null, "trust": 0.8, "vendor": "\u30de\u30ab\u30d5\u30a3\u30fc", "version": null }, { "model": "e-series performance analyzer", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "fedora", "scope": null, "trust": 0.8, "vendor": "fedora", "version": null }, { "model": "jp1/file transmission server/ftp", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "quantum security management", "scope": null, "trust": 0.8, "vendor": "\u30c1\u30a7\u30c3\u30af \u30dd\u30a4\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30ba", "version": null }, { "model": "openssl", "scope": null, "trust": 0.8, "vendor": "openssl", "version": null }, { "model": "cloud volumes ontap \u30e1\u30c7\u30a3\u30a8\u30fc\u30bf", "scope": null, "trust": 0.8, "vendor": "netapp", "version": null }, { "model": "jp1/base", "scope": null, "trust": 0.8, "vendor": "\u65e5\u7acb", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "web gateway cloud service", "scope": null, "trust": 0.8, "vendor": "\u30de\u30ab\u30d5\u30a3\u30fc", "version": null }, { "model": "multi-domain management", "scope": null, "trust": 0.8, "vendor": "\u30c1\u30a7\u30c3\u30af \u30dd\u30a4\u30f3\u30c8 \u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u30ba", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "NVD", "id": "CVE-2021-3449" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163257" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "162076" }, { "db": "PACKETSTORM", "id": "162013" }, { "db": "PACKETSTORM", "id": "162200" }, { "db": "PACKETSTORM", "id": "162197" }, { "db": "PACKETSTORM", "id": "162189" } ], "trust": 0.8 }, "cve": "CVE-2021-3449", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2021-3449", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-388130", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.2, "id": "CVE-2021-3449", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 5.9, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-3449", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2021-3449", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2021-3449", "trust": 0.8, "value": "Medium" }, { "author": "VULHUB", "id": "VHN-388130", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-388130" }, { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "NVD", "id": "CVE-2021-3449" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. Summary:\n\nOpenshift Serverless 1.10.2 is now available. This version of the OpenShift Serverless\nOperator is supported on Red Hat OpenShift Container Platform version 4.5. Solution:\n\nSee the documentation at:\nhttps://access.redhat.com/documentation/en-us/openshift_container_platform/\n4.5/html/serverless_applications/index\n\n4. \n\nBug Fix(es):\n\n* WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)\n\n* LoadBalancer Service type with invalid external loadbalancer IP breaks\nthe datapath (BZ#1952917)\n\n* Telemetry info not completely available to identify windows nodes\n(BZ#1955319)\n\n* WMCO incorrectly shows node as ready after a failed configuration\n(BZ#1956412)\n\n* kube-proxy service terminated unexpectedly after recreated LB service\n(BZ#1963263)\n\n3. Solution:\n\nFor Windows Machine Config Operator upgrades, see the following\ndocumentation:\n\nhttps://docs.openshift.com/container-platform/4.7/windows_containers/window\ns-node-upgrades.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1945248 - WMCO patch pub-key-hash annotation to Linux node\n1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don\u0027t create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM\n1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath\n1955319 - Telemetry info not completely available to identify windows nodes\n1956412 - WMCO incorrectly shows node as ready after a failed configuration\n1963263 - kube-proxy service terminated unexpectedly after recreated LB service\n\n5. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.0.10 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nBug fix:\n\n* RHACM 2.0.10 images (BZ #1940452)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1940452 - RHACM 2.0.10 images\n1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function\n\n5. ==========================================================================\nUbuntu Security Notice USN-4891-1\nMarch 25, 2021\n\nopenssl vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.10\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nOpenSSL could be made to crash or run programs if it received specially\ncrafted network traffic. A remote attacker could use this issue to cause\nOpenSSL to crash, resulting in a denial of service, or possibly execute\narbitrary code. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.10:\n libssl1.1 1.1.1f-1ubuntu4.3\n\nUbuntu 20.04 LTS:\n libssl1.1 1.1.1f-1ubuntu2.3\n\nUbuntu 18.04 LTS:\n libssl1.1 1.1.1-1ubuntu2.1~18.04.9\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and\nTransport Layer Security (TLS) protocols, as well as a full-strength\ngeneral-purpose cryptography library. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nFor the update to take effect, all services linked to the OpenSSL library\nmust be restarted, or the system rebooted. Package List:\n\nRed Hat Enterprise Linux BaseOS (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 security update\nAdvisory ID: RHSA-2021:1200-01\nProduct: Red Hat JBoss Core Services\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1200\nIssue date: 2021-04-14\nCVE Names: CVE-2021-3449 CVE-2021-3450\n====================================================================\n1. Summary:\n\nRed Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 zip\nrelease for RHEL 7, RHEL 8 and Microsoft Windows is available. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat\nJBoss middleware products. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages\nthat are part of the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.37 Service Pack 6 and includes bug fixes and\nenhancements. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity fix(es):\n\n* openssl: NULL pointer deref in signature_algorithms processing\n(CVE-2021-3449)\n\n* openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n(CVE-2021-3450)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n3. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nThe References section of this erratum contains a download link for the\nupdate. You must be logged in to download the update. \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-3450\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.apachehttp\u0026downloadType=securityPatches\u0026version=2.4.37\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYHcRztzjgjWX9erEAQi2UA//ZnBZbF6yu43LNZh8SpIsZt25+kmRXpPO\n24bitxkguIp8Mbf6aysizioKh10TgUzJAZL/xwzVGaf1YTtGXEiiQZvl+qetQhal\nCYcQUX9iRTbN3LL5sT0es8qIc9pXnVSh9YCRaa2i3l9KWlPWA2U0R4OfrAmGIjUe\nVG3tJ92HhtdeEx0VOHC+X6e7bDMoGQboT7cDJsP/xn8abWrBn9pQYfh7Ej/4qwMK\n8sm6M7KcMcl2Sxjv0PB5obmZWBILWiTwHrJu6M3D6HBMJ4IdA0+DrDjf5U3NW6xp\nuYmmkKkw18juBkRyLBFG0Xnm8JUh9t50zRL5XbI5rcv8w+puqcuLuNWD83L+fIFE\nZ7eDdVaf0TYljefjbiZP/An2vjiOJ6Tm7nO79lrCI/g7Oax+/oK0/ClDpLuwVKtB\nhz7f5VrK2+q+qDRvXk65Ala9kMHvhkr7s2/64/UMcvqpnTSkzypFORSdj+UBevUb\na+2ClrFEeokOXZxvZGQQxvu6do8roy2vrpLgNmxaDf65JZk5R4NlC3J4SbEjwBTT\nWg4bnZRXHi+T8OL3fmPTnNsEMOAdH3kwUfgzIbj9o6wFzoZiKYRUk9qQv8jb1G9K\nx0qnCqtrwqzBBUs+ntXfTguTOba7JYx7aWH6ieBOIb5tapLJw7xOlVWbE1d29BCy\nCkeZnyNSON8=u60F\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. It is comprised of the Apache\nTomcat Servlet container, JBoss HTTP Connector (mod_cluster), the\nPicketLink Vault extension for Apache Tomcat, and the Tomcat Native\nlibrary. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied", "sources": [ { "db": "NVD", "id": "CVE-2021-3449" }, { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "VULHUB", "id": "VHN-388130" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163257" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "162076" }, { "db": "PACKETSTORM", "id": "161984" }, { "db": "PACKETSTORM", "id": "162013" }, { "db": "PACKETSTORM", "id": "162200" }, { "db": "PACKETSTORM", "id": "162197" }, { "db": "PACKETSTORM", "id": "162189" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-3449", "trust": 2.8 }, { "db": "TENABLE", "id": "TNS-2021-06", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2021-09", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2021-05", "trust": 1.1 }, { "db": "TENABLE", "id": "TNS-2021-10", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/28/3", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/27/2", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/28/4", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2021/03/27/1", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-772220", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-389290", "trust": 1.1 }, { "db": "PULSESECURE", "id": "SA44845", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10356", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU92126369", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-001383", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162197", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162076", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "163257", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162013", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162383", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162189", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "161984", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162200", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162114", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162350", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162041", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162183", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162699", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162337", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162151", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162196", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162172", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162201", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162307", "trust": 0.1 }, { "db": "SEEBUG", "id": "SSVID-99170", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-388130", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162694", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-388130" }, { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163257" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "162076" }, { "db": "PACKETSTORM", "id": "161984" }, { "db": "PACKETSTORM", "id": "162013" }, { "db": "PACKETSTORM", "id": "162200" }, { "db": "PACKETSTORM", "id": "162197" }, { "db": "PACKETSTORM", "id": "162189" }, { "db": "NVD", "id": "CVE-2021-3449" } ] }, "id": "VAR-202103-1464", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-388130" } ], "trust": 0.6742040990624999 }, "last_update_date": "2024-11-29T22:12:22.747000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "hitachi-sec-2021-119 Software product security information", "trust": 0.8, "url": "https://www.debian.org/security/2021/dsa-4875" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001383" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-476", "trust": 1.1 }, { "problemtype": "NULL Pointer dereference (CWE-476) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-388130" }, { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "NVD", "id": "CVE-2021-3449" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449" }, { "trust": 1.1, "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-openssl-2021-ghy28djd" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf" }, { "trust": 1.1, "url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44845" }, { "trust": 1.1, "url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0013" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20210326-0006/" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20210513-0002/" }, { "trust": 1.1, "url": "https://www.openssl.org/news/secadv/20210325.txt" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2021-05" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2021-06" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2021-09" }, { "trust": 1.1, "url": "https://www.tenable.com/security/tns-2021-10" }, { "trust": 1.1, "url": "https://www.debian.org/security/2021/dsa-4875" }, { "trust": 1.1, "url": "https://security.gentoo.org/glsa/202103-03" }, { "trust": 1.1, "url": "https://security.freebsd.org/advisories/freebsd-sa-21:07.openssl.asc" }, { "trust": 1.1, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.1, "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2021/03/27/1" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2021/03/27/2" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2021/03/28/3" }, { "trust": 1.1, "url": "http://www.openwall.com/lists/oss-security/2021/03/28/4" }, { "trust": 1.0, "url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=fb9fa6b51defd48157eeb207f52181f735d96148" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/" }, { "trust": 1.0, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10356" }, { "trust": 1.0, "url": "https://security.netapp.com/advisory/ntap-20240621-0006/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu92126369/" }, { "trust": 0.8, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.8, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2021-3449" }, { "trust": 0.8, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2021-3450" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3450" }, { "trust": 0.5, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2021-20305" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305" }, { "trust": 0.1, "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148" }, { "trust": 0.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10356" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20454" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20916" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19221" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19906" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20907" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13631" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14422" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7595" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13632" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8492" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16168" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9327" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13630" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20387" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/openshift_container_platform/4.5/html/serverless_applications/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5018" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20218" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1000858" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3115" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13050" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14889" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1730" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9327" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-16935" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19906" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13627" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19221" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-6405" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20388" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3114" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1000858" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20843" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2021" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13631" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20387" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8492" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5018" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19956" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13632" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-15903" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13627" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13630" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14889" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1730" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6405" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16935" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20218" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20454" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7595" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-16168" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20916" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-25013" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25736" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29361" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2130" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-2708" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8286" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28196" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15358" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8927" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-14502" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/windows_containers/window" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8285" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-9169" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927" }, { "trust": 0.1, "url": "https://issues.jboss.org/):" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13434" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3326" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-25736" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-10228" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24977" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-3842" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13776" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3326" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27219" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8284" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24977" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27618" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23358" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27363" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3347" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28374" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23358" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27364" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-26708" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27365" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0466" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27152" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27363" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27152" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3347" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27365" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-0466" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28362" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-27364" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1448" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-28374" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-26708" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1063" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.9" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu4.3" }, { "trust": 0.1, "url": "https://ubuntu.com/security/notices/usn-4891-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.3" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1024" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1203" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1200" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.apachehttp\u0026downloadtype=securitypatches\u0026version=2.4.37" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1195" } ], "sources": [ { "db": "VULHUB", "id": "VHN-388130" }, { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163257" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "162076" }, { "db": "PACKETSTORM", "id": "161984" }, { "db": "PACKETSTORM", "id": "162013" }, { "db": "PACKETSTORM", "id": "162200" }, { "db": "PACKETSTORM", "id": "162197" }, { "db": "PACKETSTORM", "id": "162189" }, { "db": "NVD", "id": "CVE-2021-3449" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-388130" }, { "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "163257" }, { "db": "PACKETSTORM", "id": "162383" }, { "db": "PACKETSTORM", "id": "162076" }, { "db": "PACKETSTORM", "id": "161984" }, { "db": "PACKETSTORM", "id": "162013" }, { "db": "PACKETSTORM", "id": "162200" }, { "db": "PACKETSTORM", "id": "162197" }, { "db": "PACKETSTORM", "id": "162189" }, { "db": "NVD", "id": "CVE-2021-3449" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-03-25T00:00:00", "db": "VULHUB", "id": "VHN-388130" }, { "date": "2021-05-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "date": "2021-05-19T14:19:18", "db": "PACKETSTORM", "id": "162694" }, { "date": "2021-06-23T15:44:15", "db": "PACKETSTORM", "id": "163257" }, { "date": "2021-04-29T14:37:49", "db": "PACKETSTORM", "id": "162383" }, { "date": "2021-04-05T15:16:03", "db": "PACKETSTORM", "id": "162076" }, { "date": "2021-03-26T14:15:18", "db": "PACKETSTORM", "id": "161984" }, { "date": "2021-03-30T14:07:13", "db": "PACKETSTORM", "id": "162013" }, { "date": "2021-04-15T13:50:30", "db": "PACKETSTORM", "id": "162200" }, { "date": "2021-04-15T13:50:04", "db": "PACKETSTORM", "id": "162197" }, { "date": "2021-04-14T16:50:04", "db": "PACKETSTORM", "id": "162189" }, { "date": "2021-03-25T15:15:13.450000", "db": "NVD", "id": "CVE-2021-3449" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-08-29T00:00:00", "db": "VULHUB", "id": "VHN-388130" }, { "date": "2021-09-13T07:43:00", "db": "JVNDB", "id": "JVNDB-2021-001383" }, { "date": "2024-11-21T06:21:33.050000", "db": "NVD", "id": "CVE-2021-3449" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "161984" } ], "trust": 0.1 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001383" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code execution", "sources": [ { "db": "PACKETSTORM", "id": "162694" }, { "db": "PACKETSTORM", "id": "162383" } ], "trust": 0.2 } }
cve-2024-37990
Vulnerability from cvelistv5
7.0 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-37990", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:12:00.893655Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-10T15:12:10.308Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC Reader RF610R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF610R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF610R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF615R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF615R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF615R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF650R ARIB", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF650R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF650R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF650R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF680R ARIB", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF680R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF680R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF680R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF685R ARIB", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF685R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF685R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF685R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF1140R", "vendor": "Siemens", "versions": [ { "lessThan": "V1.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF1170R", "vendor": "Siemens", "versions": [ { "lessThan": "V1.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF166C", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF185C", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF186C", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF186CI", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF188C", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF188CI", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF360R", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions \u003c V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions \u003c V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions \u003c V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions \u003c V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions \u003c V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions \u003c V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions \u003c V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions \u003c V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions \u003c V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions \u003c V2.2). The affected applications contain configuration files which can be modified. An attacker with privilege access can modify these files and enable features that are not released for this device." } ], "metrics": [ { "cvssV3_1": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-912", "description": "CWE-912: Hidden Functionality", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-10T09:36:33.772Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-37990", "datePublished": "2024-09-10T09:36:33.772Z", "dateReserved": "2024-06-11T08:32:52.183Z", "dateUpdated": "2024-09-10T15:12:10.308Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-31340
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf | x_refsource_MISC |
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | SIMATIC RF166C |
Version: All versions > V1.1 and < V1.3.2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:55:53.544Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SIMATIC RF166C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e V1.1 and \u003c V1.3.2" } ] }, { "product": "SIMATIC RF185C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e V1.1 and \u003c V1.3.2" } ] }, { "product": "SIMATIC RF186C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e V1.1 and \u003c V1.3.2" } ] }, { "product": "SIMATIC RF186CI", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e V1.1 and \u003c V1.3.2" } ] }, { "product": "SIMATIC RF188C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e V1.1 and \u003c V1.3.2" } ] }, { "product": "SIMATIC RF188CI", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e V1.1 and \u003c V1.3.2" } ] }, { "product": "SIMATIC RF360R", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.0" } ] }, { "product": "SIMATIC Reader RF610R CMIIT", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e V3.0 \u003c V4.0" } ] }, { "product": "SIMATIC Reader RF610R ETSI", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e V3.0 \u003c V4.0" } ] }, { "product": "SIMATIC Reader RF610R FCC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e V3.0 \u003c V4.0" } ] }, { "product": "SIMATIC Reader RF615R CMIIT", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e V3.0 \u003c V4.0" } ] }, { "product": "SIMATIC Reader RF615R ETSI", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e V3.0 \u003c V4.0" } ] }, { "product": "SIMATIC Reader RF615R FCC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e V3.0 \u003c V4.0" } ] }, { "product": "SIMATIC Reader RF650R ARIB", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e V3.0 \u003c V4.0" } ] }, { "product": "SIMATIC Reader RF650R CMIIT", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e V3.0 \u003c V4.0" } ] }, { "product": "SIMATIC Reader RF650R ETSI", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e V3.0 \u003c V4.0" } ] }, { "product": "SIMATIC Reader RF650R FCC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e V3.0 \u003c V4.0" } ] }, { "product": "SIMATIC Reader RF680R ARIB", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e V3.0 \u003c V4.0" } ] }, { "product": "SIMATIC Reader RF680R CMIIT", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e V3.0 \u003c V4.0" } ] }, { "product": "SIMATIC Reader RF680R ETSI", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e V3.0 \u003c V4.0" } ] }, { "product": "SIMATIC Reader RF680R FCC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e V3.0 \u003c V4.0" } ] }, { "product": "SIMATIC Reader RF685R ARIB", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e V3.0 \u003c V4.0" } ] }, { "product": "SIMATIC Reader RF685R CMIIT", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e V3.0 \u003c V4.0" } ] }, { "product": "SIMATIC Reader RF685R ETSI", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e V3.0 \u003c V4.0" } ] }, { "product": "SIMATIC Reader RF685R FCC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e V3.0 \u003c V4.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC RF166C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF185C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF186C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF186CI (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF188C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF188CI (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF360R (All versions \u003c V2.0), SIMATIC Reader RF610R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF610R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF610R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R FCC (All versions \u003e V3.0 \u003c V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-10T09:46:26", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2021-31340", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SIMATIC RF166C", "version": { "version_data": [ { "version_value": "All versions \u003e V1.1 and \u003c V1.3.2" } ] } }, { "product_name": "SIMATIC RF185C", "version": { "version_data": [ { "version_value": "All versions \u003e V1.1 and \u003c V1.3.2" } ] } }, { "product_name": "SIMATIC RF186C", "version": { "version_data": [ { "version_value": "All versions \u003e V1.1 and \u003c V1.3.2" } ] } }, { "product_name": "SIMATIC RF186CI", "version": { "version_data": [ { "version_value": "All versions \u003e V1.1 and \u003c V1.3.2" } ] } }, { "product_name": "SIMATIC RF188C", "version": { "version_data": [ { "version_value": "All versions \u003e V1.1 and \u003c V1.3.2" } ] } }, { "product_name": "SIMATIC RF188CI", "version": { "version_data": [ { "version_value": "All versions \u003e V1.1 and \u003c V1.3.2" } ] } }, { "product_name": "SIMATIC RF360R", "version": { "version_data": [ { "version_value": "All versions \u003c V2.0" } ] } }, { "product_name": "SIMATIC Reader RF610R CMIIT", "version": { "version_data": [ { "version_value": "All versions \u003e V3.0 \u003c V4.0" } ] } }, { "product_name": "SIMATIC Reader RF610R ETSI", "version": { "version_data": [ { "version_value": "All versions \u003e V3.0 \u003c V4.0" } ] } }, { "product_name": "SIMATIC Reader RF610R FCC", "version": { "version_data": [ { "version_value": "All versions \u003e V3.0 \u003c V4.0" } ] } }, { "product_name": "SIMATIC Reader RF615R CMIIT", "version": { "version_data": [ { "version_value": "All versions \u003e V3.0 \u003c V4.0" } ] } }, { "product_name": "SIMATIC Reader RF615R ETSI", "version": { "version_data": [ { "version_value": "All versions \u003e V3.0 \u003c V4.0" } ] } }, { "product_name": "SIMATIC Reader RF615R FCC", "version": { "version_data": [ { "version_value": "All versions \u003e V3.0 \u003c V4.0" } ] } }, { "product_name": "SIMATIC Reader RF650R ARIB", "version": { "version_data": [ { "version_value": "All versions \u003e V3.0 \u003c V4.0" } ] } }, { "product_name": "SIMATIC Reader RF650R CMIIT", "version": { "version_data": [ { "version_value": "All versions \u003e V3.0 \u003c V4.0" } ] } }, { "product_name": "SIMATIC Reader RF650R ETSI", "version": { "version_data": [ { "version_value": "All versions \u003e V3.0 \u003c V4.0" } ] } }, { "product_name": "SIMATIC Reader RF650R FCC", "version": { "version_data": [ { "version_value": "All versions \u003e V3.0 \u003c V4.0" } ] } }, { "product_name": "SIMATIC Reader RF680R ARIB", "version": { "version_data": [ { "version_value": "All versions \u003e V3.0 \u003c V4.0" } ] } }, { "product_name": "SIMATIC Reader RF680R CMIIT", "version": { "version_data": [ { "version_value": "All versions \u003e V3.0 \u003c V4.0" } ] } }, { "product_name": "SIMATIC Reader RF680R ETSI", "version": { "version_data": [ { "version_value": "All versions \u003e V3.0 \u003c V4.0" } ] } }, { "product_name": "SIMATIC Reader RF680R FCC", "version": { "version_data": [ { "version_value": "All versions \u003e V3.0 \u003c V4.0" } ] } }, { "product_name": "SIMATIC Reader RF685R ARIB", "version": { "version_data": [ { "version_value": "All versions \u003e V3.0 \u003c V4.0" } ] } }, { "product_name": "SIMATIC Reader RF685R CMIIT", "version": { "version_data": [ { "version_value": "All versions \u003e V3.0 \u003c V4.0" } ] } }, { "product_name": "SIMATIC Reader RF685R ETSI", "version": { "version_data": [ { "version_value": "All versions \u003e V3.0 \u003c V4.0" } ] } }, { "product_name": "SIMATIC Reader RF685R FCC", "version": { "version_data": [ { "version_value": "All versions \u003e V3.0 \u003c V4.0" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in SIMATIC RF166C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF185C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF186C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF186CI (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF188C (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF188CI (All versions \u003e V1.1 and \u003c V1.3.2), SIMATIC RF360R (All versions \u003c V2.0), SIMATIC Reader RF610R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF610R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF610R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF615R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF650R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF680R FCC (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R ARIB (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R CMIIT (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R ETSI (All versions \u003e V3.0 \u003c V4.0), SIMATIC Reader RF685R FCC (All versions \u003e V3.0 \u003c V4.0). Affected devices do not properly handle large numbers of incoming connections. An attacker may leverage this to cause a Denial-of-Service situation." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-400: Uncontrolled Resource Consumption" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-787292.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2021-31340", "datePublished": "2021-06-08T19:47:16", "dateReserved": "2021-04-15T00:00:00", "dateUpdated": "2024-08-03T22:55:53.544Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-37995
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | SIMATIC Reader RF610R CMIIT |
Version: 0 < V4.2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-37995", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:08:52.987640Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-10T15:09:02.700Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC Reader RF610R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF610R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF610R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF615R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF615R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF615R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF650R ARIB", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF650R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF650R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF650R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF680R ARIB", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF680R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF680R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF680R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF685R ARIB", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF685R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF685R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF685R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF1140R", "vendor": "Siemens", "versions": [ { "lessThan": "V1.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF1170R", "vendor": "Siemens", "versions": [ { "lessThan": "V1.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF166C", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF185C", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF186C", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF186CI", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF188C", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF188CI", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF360R", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions \u003c V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions \u003c V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions \u003c V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions \u003c V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions \u003c V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions \u003c V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions \u003c V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions \u003c V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions \u003c V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions \u003c V2.2). The affected application improperly handles error while a faulty certificate upload leading to crashing of application. This vulnerability could allow an attacker to disclose sensitive information." } ], "metrics": [ { "cvssV3_1": { "baseScore": 2.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 2.1, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-703", "description": "CWE-703: Improper Check or Handling of Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-10T09:36:42.714Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-37995", "datePublished": "2024-09-10T09:36:42.714Z", "dateReserved": "2024-06-11T08:32:52.184Z", "dateUpdated": "2024-09-10T15:09:02.700Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-37991
Vulnerability from cvelistv5
6.0 (Medium) - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | SIMATIC Reader RF610R CMIIT |
Version: 0 < V4.2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-37991", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:09:26.404268Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-10T15:09:35.340Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC Reader RF610R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF610R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF610R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF615R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF615R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF615R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF650R ARIB", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF650R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF650R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF650R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF680R ARIB", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF680R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF680R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF680R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF685R ARIB", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF685R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF685R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF685R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF1140R", "vendor": "Siemens", "versions": [ { "lessThan": "V1.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF1170R", "vendor": "Siemens", "versions": [ { "lessThan": "V1.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF166C", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF185C", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF186C", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF186CI", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF188C", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF188CI", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF360R", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions \u003c V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions \u003c V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions \u003c V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions \u003c V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions \u003c V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions \u003c V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions \u003c V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions \u003c V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions \u003c V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions \u003c V2.2). The service log files of the affected application can be accessed without proper authentication. This could allow an unauthenticated attacker to get access to sensitive information." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-10T09:36:35.565Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-37991", "datePublished": "2024-09-10T09:36:35.565Z", "dateReserved": "2024-06-11T08:32:52.183Z", "dateUpdated": "2024-09-10T15:09:35.340Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-37994
Vulnerability from cvelistv5
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | SIMATIC Reader RF610R CMIIT |
Version: 0 < V4.2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-37994", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:03:36.814417Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-10T15:03:52.417Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC Reader RF610R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF610R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF610R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF615R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF615R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF615R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF650R ARIB", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF650R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF650R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF650R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF680R ARIB", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF680R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF680R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF680R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF685R ARIB", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF685R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF685R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF685R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF1140R", "vendor": "Siemens", "versions": [ { "lessThan": "V1.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF1170R", "vendor": "Siemens", "versions": [ { "lessThan": "V1.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF166C", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF185C", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF186C", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF186CI", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF188C", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF188CI", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF360R", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions \u003c V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions \u003c V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions \u003c V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions \u003c V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions \u003c V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions \u003c V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions \u003c V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions \u003c V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions \u003c V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions \u003c V2.2). The affected application contains a hidden configuration item to enable debug functionality. This could allow an attacker to gain insight into the internal configuration of the deployment." } ], "metrics": [ { "cvssV3_1": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-912", "description": "CWE-912: Hidden Functionality", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-10T09:36:40.841Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-37994", "datePublished": "2024-09-10T09:36:40.841Z", "dateReserved": "2024-06-11T08:32:52.184Z", "dateUpdated": "2024-09-10T15:03:52.417Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-37992
Vulnerability from cvelistv5
5.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | SIMATIC Reader RF610R CMIIT |
Version: 0 < V4.2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-37992", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:04:53.594332Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-10T15:08:09.459Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC Reader RF610R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF610R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF610R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF615R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF615R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF615R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF650R ARIB", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF650R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF650R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF650R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF680R ARIB", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF680R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF680R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF680R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF685R ARIB", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF685R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF685R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF685R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF1140R", "vendor": "Siemens", "versions": [ { "lessThan": "V1.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF1170R", "vendor": "Siemens", "versions": [ { "lessThan": "V1.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF166C", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF185C", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF186C", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF186CI", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF188C", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF188CI", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF360R", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions \u003c V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions \u003c V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions \u003c V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions \u003c V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions \u003c V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions \u003c V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions \u003c V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions \u003c V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions \u003c V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions \u003c V2.2). The affected devices does not properly handle the error in case of exceeding characters while setting SNMP leading to the restart of the application." } ], "metrics": [ { "cvssV3_1": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-703", "description": "CWE-703: Improper Check or Handling of Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-10T09:36:37.300Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-37992", "datePublished": "2024-09-10T09:36:37.300Z", "dateReserved": "2024-06-11T08:32:52.183Z", "dateUpdated": "2024-09-10T15:08:09.459Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-6568
Vulnerability from cvelistv5
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | SIMATIC CP 1604 |
Version: All versions |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T20:23:22.207Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC CP 1604", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1616", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 343-1 Advanced", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 443-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 443-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 443-1 Advanced", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 443-1 OPC UA", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200pro IM154-8 PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200pro IM154-8F PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200pro IM154-8FX PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200S IM151-8 PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200S IM151-8F PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.1.6" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.7" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Upd4" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Upd4" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Upd4" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC IPC DiagMonitor", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.1.3" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF182C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF185C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V1.1.0" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF186C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V1.1.0" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF188C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V1.1.0" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF600R family", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.1" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RFID 181EIP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.6.1" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-1500 Software Controller", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.7" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 314C-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 315-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 315F-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 315T-3 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 317-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 317F-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 317T-3 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 317TF-3 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 319-3 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-300 CPU 319F-3 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC S7-PLCSIM Advanced", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.0 SP1 UPD1" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Teleservice Adapter IE Advanced", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Teleservice Adapter IE Basic", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Teleservice Adapter IE Standard", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC WinAC RTX 2010", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2010 SP3" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC WinAC RTX F 2010", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2010 SP3" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC WinCC Runtime Advanced", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V15.1 Upd4" } ] }, { "defaultStatus": "unknown", "product": "SIMOCODE pro V Ethernet/IP (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V1.1.3" } ] }, { "defaultStatus": "unknown", "product": "SIMOCODE pro V PROFINET (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.1.3" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G130 V4.6 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G130 V4.7 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G130 V4.7 SP1 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G130 V4.8 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 HF6" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G130 V5.1 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G130 V5.1 SP1 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.1 SP1 HF4" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G150 V4.6 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G150 V4.7 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G150 V4.7 SP1 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G150 V4.8 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 HF6" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G150 V5.1 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS G150 V5.1 SP1 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.1 SP1 HF4" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS GH150 V4.7 (Control Unit)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS GH150 V4.8 (Control Unit)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 SP2 HF9" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS GL150 V4.7 (Control Unit)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS GL150 V4.8 (Control Unit)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 SP2 HF9" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS GM150 V4.7 (Control Unit)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS GM150 V4.8 (Control Unit)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 SP2 HF9" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 HF6" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.1 SP1 HF4" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S150 V4.6 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S150 V4.7 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S150 V4.7 SP1 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S150 V4.8 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 HF6" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S150 V5.1 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S150 V5.1 SP1 Control Unit", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.1 SP1 HF4" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S210", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V5.1 SP1 HF8" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS SL150 V4.7 (Control Unit)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.7 HF33" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS SL150 V4.8 (Control Unit)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS SM120 V4.7 (Control Unit)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS SM120 V4.8 (Control Unit)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V4.8 SP2 HF10" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS SM150 V4.8 (Control Unit)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200S IM151-8 PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200S IM151-8F PN/DP CPU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 343-1 Advanced", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 443-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 443-1 Advanced", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-300 CPU 314C-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.16" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-300 CPU 315-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-300 CPU 315F-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-300 CPU 317-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-300 CPU 317F-2 PN/DP", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.2.16" } ] }, { "defaultStatus": "unknown", "product": "SITOP Manager", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V1.1" } ] }, { "defaultStatus": "unknown", "product": "SITOP PSU8600", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V1.5" } ] }, { "defaultStatus": "unknown", "product": "SITOP UPS1600 (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.3" } ] }, { "defaultStatus": "unknown", "product": "TIM 1531 IRC (incl. SIPLUS NET variants)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.1" } ] } ], "descriptions": [ { "lang": "en", "value": "The webserver of the affected devices contains a vulnerability that may lead to\r\na denial of service condition. An attacker may cause a denial of service\r\nsituation which leads to a restart of the webserver of the affected device.\r\n\r\nThe security vulnerability could be exploited by an attacker with network\r\naccess to the affected systems. Successful exploitation requires no system\r\nprivileges and no user interaction. An attacker could use the vulnerability\r\nto compromise availability of the device." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-09T11:51:03.049Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2019-6568", "datePublished": "2019-04-17T13:40:24", "dateReserved": "2019-01-22T00:00:00", "dateUpdated": "2024-08-04T20:23:22.207Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-37993
Vulnerability from cvelistv5
6.9 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | SIMATIC Reader RF610R CMIIT |
Version: 0 < V4.2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-37993", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:04:12.477171Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-10T15:04:32.084Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC Reader RF610R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF610R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF610R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF615R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF615R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF615R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF650R ARIB", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF650R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF650R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF650R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF680R ARIB", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF680R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF680R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF680R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF685R ARIB", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF685R CMIIT", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF685R ETSI", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Reader RF685R FCC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF1140R", "vendor": "Siemens", "versions": [ { "lessThan": "V1.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF1170R", "vendor": "Siemens", "versions": [ { "lessThan": "V1.1", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF166C", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF185C", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF186C", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF186CI", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF188C", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF188CI", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC RF360R", "vendor": "Siemens", "versions": [ { "lessThan": "V2.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) (All versions \u003c V4.2), SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) (All versions \u003c V4.2), SIMATIC RF1140R (6GT2831-6CB00) (All versions \u003c V1.1), SIMATIC RF1170R (6GT2831-6BB00) (All versions \u003c V1.1), SIMATIC RF166C (6GT2002-0EE20) (All versions \u003c V2.2), SIMATIC RF185C (6GT2002-0JE10) (All versions \u003c V2.2), SIMATIC RF186C (6GT2002-0JE20) (All versions \u003c V2.2), SIMATIC RF186CI (6GT2002-0JE50) (All versions \u003c V2.2), SIMATIC RF188C (6GT2002-0JE40) (All versions \u003c V2.2), SIMATIC RF188CI (6GT2002-0JE60) (All versions \u003c V2.2), SIMATIC RF360R (6GT2801-5BA30) (All versions \u003c V2.2). The affected applications do not authenticated the creation of Ajax2App instances. This could allow an unauthenticated attacker to cause a denial of service condition." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-10T09:36:39.074Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-765405.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-37993", "datePublished": "2024-09-10T09:36:39.074Z", "dateReserved": "2024-06-11T08:32:52.184Z", "dateUpdated": "2024-09-10T15:04:32.084Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }