cnvd - cnvd-2023-09128

cnvd-2023-09128

Vulnerability from cnvd

Title: Siemens RUGGEDCOM APE1808产品系列竞争条件漏洞

Description:

RUGGEDCOM APE1808是一个实用程序级应用程序托管平台，允许您在恶劣的工业环境中部署一系列用于边缘计算和网络安全的商用应用程序。

Siemens RUGGEDCOM APE1808产品系列存在竞争条件漏洞，攻击者可利用该漏洞在检查参数值之后但在使用之前更改内容（TOCTOU攻击）。

Severity: 中

Formal description:

目前没有详细解决方案提供： https://new.siemens.com/cn/zh.html

Reference: https://cert-portal.siemens.com/productcert/html/ssa-450613.html

Impacted products

Name
['Siemens RUGGEDCOM APE1808 CLOUDCONNECT (6GK6015-0AL20-0GM0)', 'Siemens RUGGEDCOM APE1808 CKP CC (6GK6015-0AL20-0GK1)', 'Siemens RUGGEDCOM APE1808 CKP (6GK6015-0AL20-0GK0)', 'Siemens RUGGEDCOM APE1808 ADM CC (6GK6015-0AL20-0GL1)', 'Siemens RUGGEDCOM APE1808 ADM (6GK6015-0AL20-0GL0)', 'Siemens RUGGEDCOM APE1808 SAM-L CC (6GK6015-0AL20-0GN1)', 'Siemens RUGGEDCOM APE1808 SAM-L (6GK6015-0AL20-0GN0)', 'Siemens RUGGEDCOM APE1808 ELAN CC (6GK6015-0AL20-0GP1)', 'Siemens RUGGEDCOM APE1808 ELAN (6GK6015-0AL20-0GP0)', 'Siemens RUGGEDCOM APE1808 CLOUDCONNECT CC (6GK6015-0AL20-0GM1)', 'Siemens RUGGEDCOM APE1808CLA-S3 (6GK6015-0AL20-1AD0)', 'Siemens RUGGEDCOM APE1808CLA-S1 CC (6GK6015-0AL20-1AB1)', 'Siemens RUGGEDCOM APE1808CLA-S1 (6GK6015-0AL20-1AB0)', 'Siemens RUGGEDCOM APE1808CLA-P CC (6GK6015-0AL20-1AA1)', 'Siemens RUGGEDCOM APE1808CLA-P (6GK6015-0AL20-1AA0)', 'Siemens RUGGEDCOM APE1808LNX CC (6GK6015-0AL20-0GH1)', 'Siemens RUGGEDCOM APE1808LNX (6GK6015-0AL20-0GH0)', 'Siemens RUGGEDCOM APE1808CLA-S5 CC (6GK6015-0AL20-1AF1)', 'Siemens RUGGEDCOM APE1808CLA-S5 (6GK6015-0AL20-1AF0)', 'Siemens RUGGEDCOM APE1808CLA-S3 CC (6GK6015-0AL20-1AD1)', 'Siemens RUGGEDCOM APE1808W10 CC (6GK6015-0AL20-0GJ1)', 'Siemens RUGGEDCOM APE1808W10 (6GK6015-0AL20-0GJ0)']

Name

['Siemens RUGGEDCOM APE1808 CLOUDCONNECT (6GK6015-0AL20-0GM0)', 'Siemens RUGGEDCOM APE1808 CKP CC (6GK6015-0AL20-0GK1)', 'Siemens RUGGEDCOM APE1808 CKP (6GK6015-0AL20-0GK0)', 'Siemens RUGGEDCOM APE1808 ADM CC (6GK6015-0AL20-0GL1)', 'Siemens RUGGEDCOM APE1808 ADM (6GK6015-0AL20-0GL0)', 'Siemens RUGGEDCOM APE1808 SAM-L CC (6GK6015-0AL20-0GN1)', 'Siemens RUGGEDCOM APE1808 SAM-L (6GK6015-0AL20-0GN0)', 'Siemens RUGGEDCOM APE1808 ELAN CC (6GK6015-0AL20-0GP1)', 'Siemens RUGGEDCOM APE1808 ELAN (6GK6015-0AL20-0GP0)', 'Siemens RUGGEDCOM APE1808 CLOUDCONNECT CC (6GK6015-0AL20-0GM1)', 'Siemens RUGGEDCOM APE1808CLA-S3 (6GK6015-0AL20-1AD0)', 'Siemens RUGGEDCOM APE1808CLA-S1 CC (6GK6015-0AL20-1AB1)', 'Siemens RUGGEDCOM APE1808CLA-S1 (6GK6015-0AL20-1AB0)', 'Siemens RUGGEDCOM APE1808CLA-P CC (6GK6015-0AL20-1AA1)', 'Siemens RUGGEDCOM APE1808CLA-P (6GK6015-0AL20-1AA0)', 'Siemens RUGGEDCOM APE1808LNX CC (6GK6015-0AL20-0GH1)', 'Siemens RUGGEDCOM APE1808LNX (6GK6015-0AL20-0GH0)', 'Siemens RUGGEDCOM APE1808CLA-S5 CC (6GK6015-0AL20-1AF1)', 'Siemens RUGGEDCOM APE1808CLA-S5 (6GK6015-0AL20-1AF0)', 'Siemens RUGGEDCOM APE1808CLA-S3 CC (6GK6015-0AL20-1AD1)', 'Siemens RUGGEDCOM APE1808W10 CC (6GK6015-0AL20-0GJ1)', 'Siemens RUGGEDCOM APE1808W10 (6GK6015-0AL20-0GJ0)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-30774"
    }
  },
  "description": "RUGGEDCOM APE1808\u662f\u4e00\u4e2a\u5b9e\u7528\u7a0b\u5e8f\u7ea7\u5e94\u7528\u7a0b\u5e8f\u6258\u7ba1\u5e73\u53f0\uff0c\u5141\u8bb8\u60a8\u5728\u6076\u52a3\u7684\u5de5\u4e1a\u73af\u5883\u4e2d\u90e8\u7f72\u4e00\u7cfb\u5217\u7528\u4e8e\u8fb9\u7f18\u8ba1\u7b97\u548c\u7f51\u7edc\u5b89\u5168\u7684\u5546\u7528\u5e94\u7528\u7a0b\u5e8f\u3002\n\nSiemens RUGGEDCOM APE1808\u4ea7\u54c1\u7cfb\u5217\u5b58\u5728\u7ade\u4e89\u6761\u4ef6\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u68c0\u67e5\u53c2\u6570\u503c\u4e4b\u540e\u4f46\u5728\u4f7f\u7528\u4e4b\u524d\u66f4\u6539\u5185\u5bb9\uff08TOCTOU\u653b\u51fb\uff09\u3002",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttps://new.siemens.com/cn/zh.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-09128",
  "openTime": "2023-02-15",
  "products": {
    "product": [
      "Siemens RUGGEDCOM APE1808 CLOUDCONNECT (6GK6015-0AL20-0GM0)",
      "Siemens RUGGEDCOM APE1808 CKP CC (6GK6015-0AL20-0GK1)",
      "Siemens RUGGEDCOM APE1808 CKP (6GK6015-0AL20-0GK0)",
      "Siemens RUGGEDCOM APE1808 ADM CC (6GK6015-0AL20-0GL1)",
      "Siemens RUGGEDCOM APE1808 ADM (6GK6015-0AL20-0GL0)",
      "Siemens RUGGEDCOM APE1808 SAM-L CC (6GK6015-0AL20-0GN1)",
      "Siemens RUGGEDCOM APE1808 SAM-L (6GK6015-0AL20-0GN0)",
      "Siemens RUGGEDCOM APE1808 ELAN CC (6GK6015-0AL20-0GP1)",
      "Siemens RUGGEDCOM APE1808 ELAN (6GK6015-0AL20-0GP0)",
      "Siemens RUGGEDCOM APE1808 CLOUDCONNECT CC (6GK6015-0AL20-0GM1)",
      "Siemens RUGGEDCOM APE1808CLA-S3 (6GK6015-0AL20-1AD0)",
      "Siemens RUGGEDCOM APE1808CLA-S1 CC (6GK6015-0AL20-1AB1)",
      "Siemens RUGGEDCOM APE1808CLA-S1 (6GK6015-0AL20-1AB0)",
      "Siemens RUGGEDCOM APE1808CLA-P CC (6GK6015-0AL20-1AA1)",
      "Siemens RUGGEDCOM APE1808CLA-P (6GK6015-0AL20-1AA0)",
      "Siemens RUGGEDCOM APE1808LNX CC (6GK6015-0AL20-0GH1)",
      "Siemens RUGGEDCOM APE1808LNX (6GK6015-0AL20-0GH0)",
      "Siemens RUGGEDCOM APE1808CLA-S5 CC (6GK6015-0AL20-1AF1)",
      "Siemens RUGGEDCOM APE1808CLA-S5 (6GK6015-0AL20-1AF0)",
      "Siemens RUGGEDCOM APE1808CLA-S3 CC (6GK6015-0AL20-1AD1)",
      "Siemens RUGGEDCOM APE1808W10 CC (6GK6015-0AL20-0GJ1)",
      "Siemens RUGGEDCOM APE1808W10 (6GK6015-0AL20-0GJ0)"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-450613.html",
  "serverity": "\u4e2d",
  "submitTime": "2023-02-14",
  "title": "Siemens RUGGEDCOM APE1808\u4ea7\u54c1\u7cfb\u5217\u7ade\u4e89\u6761\u4ef6\u6f0f\u6d1e"
}

CVE-2022-30774 (GCVE-0-2022-30774)

Vulnerability from cvelistv5

Published

2022-11-14 00:00

Modified

2025-04-30 19:13

Severity ?

6.4 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE

Summary

DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) . This issue was discovered by Insyde engineering during a security review. This iss was fixed in Kernel 5.2: 05.27.29, Kernel 5.3: 05.36.25, Kernel 5.4: 05.44.25, Kernel 5.5: 05.52.25. CWE-367 https://www.insyde.com/security-pledge/SA-2022043

References

▼	URL	Tags
	https://www.insyde.com/security-pledge
	https://www.insyde.com/security-pledge/SA-2022043
	https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T06:56:14.020Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.insyde.com/security-pledge"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.insyde.com/security-pledge/SA-2022043"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-30774",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-30T19:12:39.035985Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-367",
                "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-30T19:13:10.455Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) DMA attacks on the parameter buffer used by the PnpSmm driver could change the contents after parameter values have been checked but before they are used (a TOCTOU attack) . This issue was discovered by Insyde engineering during a security review. This iss was fixed in Kernel 5.2: 05.27.29, Kernel 5.3: 05.36.25, Kernel 5.4: 05.44.25, Kernel 5.5: 05.52.25. CWE-367 https://www.insyde.com/security-pledge/SA-2022043"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-14T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.insyde.com/security-pledge"
        },
        {
          "url": "https://www.insyde.com/security-pledge/SA-2022043"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-30774",
    "datePublished": "2022-11-14T00:00:00.000Z",
    "dateReserved": "2022-05-16T00:00:00.000Z",
    "dateUpdated": "2025-04-30T19:13:10.455Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted