cvelistv5 - cve-2024-28115

CVE-2024-28115 (GCVE-0-2024-28115)

Vulnerability from cvelistv5

Published

2024-03-07 20:54

Modified

2024-08-28 17:42

Severity ?

8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-284 - Improper Access Control

Summary

FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper.

References

URL

	Vendor	Product	Version
	FreeRTOS	FreeRTOS-Kernel	Version: < 10.6.2

sca-2025-0003

Vulnerability from csaf_sick

Published

2025-02-28 00:00

Modified

2025-05-20 11:00

Summary

FreeRTOS Vulnerabilities have no impact on SICK Products

Notes

summary

FreeRTOS has several known vulnerabilities and is used in various SICK products. A current analysis confirms that the identified vulnerabilities in FreeRTOS do not affect the mentioned SICK products. At this time, there is no indication of any potential risks to these SICK products.

General Security Measures

As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.

Vulnerability Classification

SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "FreeRTOS has several known vulnerabilities and is used in various SICK products. A current analysis confirms that the identified vulnerabilities in FreeRTOS do not affect the mentioned SICK products. At this time, there is no indication of any potential risks to these SICK products.",
        "title": "summary"
      },
      {
        "category": "general",
        "text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Security Measures"
      },
      {
        "category": "general",
        "text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
        "title": "Vulnerability Classification"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@sick.de",
      "issuing_authority": "SICK AG issues and issues in EHS products (when related to the Endress+Hauser SICK (EHS) joint venture).",
      "name": "SICK PSIRT",
      "namespace": "https://www.sick.com/psirt"
    },
    "references": [
      {
        "summary": "SICK PSIRT Security Advisories",
        "url": "https://sick.com/psirt"
      },
      {
        "summary": "SICK Operating Guidelines",
        "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
      },
      {
        "summary": "ICS-CERT recommended practices on Industrial Security",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "summary": "CVSS v3.1 Calculator",
        "url": "https://www.first.org/cvss/calculator/3.1"
      },
      {
        "category": "self",
        "summary": "The canonical URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0003.json"
      }
    ],
    "title": "FreeRTOS Vulnerabilities have no impact on SICK Products",
    "tracking": {
      "current_release_date": "2025-05-20T11:00:00.000Z",
      "generator": {
        "date": "2025-05-13T08:12:25.055Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.25"
        }
      },
      "id": "SCA-2025-0003",
      "initial_release_date": "2025-02-28T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-02-28T11:00:00.000Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-05-20T11:00:00.000Z",
          "number": "2",
          "summary": "Added two products: ANS58 and ANM58. Both have the product status \u0027Known Not Affected\u0027."
        },
        {
          "date": "2025-07-30T07:30:49.000Z",
          "number": "3",
          "summary": "Updated Advisory: URL for SICK Operating Guidelines has been updated"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK deTem4 all versions",
                      "product_id": "CSAFPID-0001",
                      "product_identification_helper": {
                        "skus": [
                          "1128426",
                          "1128427",
                          "1128428",
                          "1128429",
                          "1128430",
                          "1128431",
                          "1128432",
                          "1128433",
                          "1128434",
                          "1128435",
                          "1128436",
                          "1128437",
                          "1128438",
                          "1128439",
                          "1128440"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "deTem4"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK deTem4 A/P all versions",
                      "product_id": "CSAFPID-0002",
                      "product_identification_helper": {
                        "skus": [
                          "1101921",
                          "1102144",
                          "1102633",
                          "1102634",
                          "1102635",
                          "1102636",
                          "1103066",
                          "1103067"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "deTem4 A/P"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK deTem4 LT Muting A/P  all versions",
                      "product_id": "CSAFPID-0003",
                      "product_identification_helper": {
                        "skus": [
                          "1110584",
                          "1108692",
                          "1108691"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "deTem4 LT Muting A/P "
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK deTem4 Core A/P  all versions",
                      "product_id": "CSAFPID-0004",
                      "product_identification_helper": {
                        "skus": [
                          "1101921",
                          "1102144",
                          "1102644",
                          "1102645",
                          "1103066",
                          "1103067"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "deTem4 Core A/P "
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK deTem2 Core A/P all versions",
                      "product_id": "CSAFPID-0005",
                      "product_identification_helper": {
                        "skus": [
                          "1101921",
                          "1102144",
                          "1102646",
                          "1102647",
                          "1103066",
                          "1103067"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "deTem2 Core A/P"
              }
            ],
            "category": "product_family",
            "name": "deTem"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK deTec4 all versions",
                      "product_id": "CSAFPID-0006",
                      "product_identification_helper": {
                        "skus": [
                          "1116161",
                          "1116162",
                          "1116163",
                          "1116164",
                          "1116165",
                          "1116166",
                          "1116167",
                          "1220084",
                          "1220085",
                          "1220086",
                          "1220087",
                          "1220088",
                          "1220089",
                          "1220090",
                          "1220091",
                          "1220092",
                          "1220093",
                          "1220094",
                          "1220095",
                          "1220096",
                          "1220097",
                          "1220098",
                          "1220099",
                          "1220100",
                          "1220101",
                          "1220102",
                          "1220103",
                          "1220104",
                          "1220105",
                          "1220106",
                          "1220107",
                          "1220108",
                          "1220109",
                          "1220110",
                          "1220111",
                          "1220112",
                          "1220113",
                          "1220114",
                          "1220115",
                          "1220116",
                          "1220117",
                          "1220118",
                          "1220119",
                          "1220120",
                          "1220121",
                          "1220122",
                          "1220123",
                          "1220124",
                          "1220125",
                          "1220126",
                          "1220127",
                          "1220128",
                          "1220129",
                          "1220130",
                          "1220131",
                          "1220132",
                          "1220134",
                          "1220135",
                          "1220136",
                          "1220137",
                          "1220138",
                          "1220139",
                          "1220140",
                          "1220141",
                          "1220142",
                          "1220143",
                          "1220144",
                          "1220145",
                          "1220146",
                          "1220147",
                          "1220148",
                          "1220149",
                          "1220150",
                          "1220151",
                          "1220152",
                          "1220153",
                          "1220154",
                          "1220155",
                          "1220156",
                          "1220157",
                          "1220158",
                          "1220159",
                          "1220160",
                          "1220161",
                          "1220162",
                          "1220639",
                          "1220640",
                          "1220641",
                          "1220642",
                          "1220643",
                          "1220644",
                          "1220645",
                          "1220646",
                          "1220647",
                          "1220648",
                          "1220649",
                          "1220650",
                          "1220651"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "deTec4"
              }
            ],
            "category": "product_family",
            "name": "deTec4"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK scanGrid2 all versions",
                      "product_id": "CSAFPID-0007",
                      "product_identification_helper": {
                        "skus": [
                          "1101561",
                          "1109414"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "scanGrid2"
              }
            ],
            "category": "product_family",
            "name": "scanGrid2"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK DMM4 all versions",
                      "product_id": "CSAFPID-0008",
                      "product_identification_helper": {
                        "skus": [
                          "1125562"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "DMM4"
              }
            ],
            "category": "product_family",
            "name": "DMM4"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK safeVisionary2 all versions",
                      "product_id": "CSAFPID-0009",
                      "product_identification_helper": {
                        "skus": [
                          "1116398"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "safeVisionary2"
              }
            ],
            "category": "product_family",
            "name": "safeVisionary2"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK FXL1 all versions",
                      "product_id": "CSAFPID-0010",
                      "product_identification_helper": {
                        "skus": [
                          "1101320",
                          "1101321",
                          "1101322",
                          "1101323",
                          "1101324",
                          "1101325",
                          "1120827",
                          "1120828",
                          "1122586",
                          "1122587",
                          "1112205",
                          "1112206",
                          "1143315",
                          "1143316",
                          "1144849",
                          "1144850"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "FXL1"
              }
            ],
            "category": "product_family",
            "name": "flexLock"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK SE1 all versions",
                      "product_id": "CSAFPID-0011",
                      "product_identification_helper": {
                        "skus": [
                          "1132196",
                          "1132197"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "SE1"
              }
            ],
            "category": "product_family",
            "name": "SE1"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK ANM58B all versions",
                      "product_id": "CSAFPID-0012",
                      "product_identification_helper": {
                        "skus": [
                          "1145910",
                          "1146128",
                          "1146129",
                          "1146130",
                          "1146132",
                          "1146133",
                          "1146134",
                          "1146135",
                          "1146136",
                          "1146137",
                          "1146519",
                          "1146524",
                          "1146526",
                          "1146529",
                          "1146643",
                          "1146644",
                          "1146645",
                          "1146648",
                          "1148701",
                          "1148703",
                          "1148711",
                          "1148725",
                          "1148730"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "ANM58B"
              }
            ],
            "category": "product_family",
            "name": "ANM58 PROFINET "
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK ANS58B all versions",
                      "product_id": "CSAFPID-0013",
                      "product_identification_helper": {
                        "skus": [
                          "1145911",
                          "1145966",
                          "1146127",
                          "1146131",
                          "1146525",
                          "1146658",
                          "1148702",
                          "1148706",
                          "1148712",
                          "1148713",
                          "1148717",
                          "1148718",
                          "1148721",
                          "1148722",
                          "1148726",
                          "1148727",
                          "1148731",
                          "1148732",
                          "1149238",
                          "1149416",
                          "1149417",
                          "1149418"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "ANS58B"
              }
            ],
            "category": "product_family",
            "name": "ANS58 PROFINET "
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "1.02 up to 1.30",
                "product": {
                  "name": "SICK deTem4 firmware 1.02 up to 1.30",
                  "product_id": "CSAFPID-0014"
                }
              }
            ],
            "category": "product_name",
            "name": "deTem4 firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "1.02 up to 1.30",
                "product": {
                  "name": "SICK deTem4 A/P firmware 1.02 up to 1.30",
                  "product_id": "CSAFPID-0015"
                }
              }
            ],
            "category": "product_name",
            "name": "deTem4 A/P firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "1.05 up to 1.43",
                "product": {
                  "name": "SICK deTec4 firmware 1.05 up to 1.43",
                  "product_id": "CSAFPID-0016"
                }
              }
            ],
            "category": "product_name",
            "name": "deTec4 firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "1.10 up to 1.15",
                "product": {
                  "name": "SICK scanGrid2 firmware 1.10 up to 1.15",
                  "product_id": "CSAFPID-0017"
                }
              }
            ],
            "category": "product_name",
            "name": "scanGrid2 firmware"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.02",
                "product": {
                  "name": "SICK DMM4 firmware 1.02",
                  "product_id": "CSAFPID-0018"
                }
              }
            ],
            "category": "product_name",
            "name": "DMM4 firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK safeVisionary2 firmware all versions",
                  "product_id": "CSAFPID-0019"
                }
              }
            ],
            "category": "product_name",
            "name": "safeVisionary2 firmware"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.20.00",
                "product": {
                  "name": "SICK FXL1 firmware 1.20.00",
                  "product_id": "CSAFPID-0020"
                }
              }
            ],
            "category": "product_name",
            "name": "FXL1 firmware"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.16.00",
                "product": {
                  "name": "SICK SE1 firmware 1.16.00",
                  "product_id": "CSAFPID-0021"
                }
              }
            ],
            "category": "product_name",
            "name": "SE1 firmware"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.10",
                "product": {
                  "name": "SICK deTem4 LT Muting A/P firmware 1.10",
                  "product_id": "CSAFPID-0022"
                }
              }
            ],
            "category": "product_name",
            "name": "deTem4 LT Muting A/P firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "1.04 up to 1.10",
                "product": {
                  "name": "SICK deTem4 Core A/P firmware 1.04 up to 1.10",
                  "product_id": "CSAFPID-0023"
                }
              }
            ],
            "category": "product_name",
            "name": "deTem4 Core A/P firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "1.04 up to 1.10",
                "product": {
                  "name": "SICK deTem2 Core A/P 1.04 up to 1.10",
                  "product_id": "CSAFPID-0024"
                }
              }
            ],
            "category": "product_name",
            "name": "deTem2 Core A/P"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK ANM58B firmware all versions",
                  "product_id": "CSAFPID-0025"
                }
              }
            ],
            "category": "product_name",
            "name": "ANM58B firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK ANS58B firmware all versions",
                  "product_id": "CSAFPID-0026"
                }
              }
            ],
            "category": "product_name",
            "name": "ANS58B firmware"
          }
        ],
        "category": "vendor",
        "name": "SICK AG"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK deTem4 with Firmware 1.02 up to 1.30",
          "product_id": "CSAFPID-0027"
        },
        "product_reference": "CSAFPID-0014",
        "relates_to_product_reference": "CSAFPID-0001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK deTem4 A/P with Firmware 1.02 up to 1.30",
          "product_id": "CSAFPID-0028"
        },
        "product_reference": "CSAFPID-0015",
        "relates_to_product_reference": "CSAFPID-0002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK deTec4 with Firmware 1.05 up to 1.43",
          "product_id": "CSAFPID-0029"
        },
        "product_reference": "CSAFPID-0016",
        "relates_to_product_reference": "CSAFPID-0006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK scanGrid2 with Firmware 1.10 up to 1.15",
          "product_id": "CSAFPID-0030"
        },
        "product_reference": "CSAFPID-0017",
        "relates_to_product_reference": "CSAFPID-0007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK DMM4 with Firmware 1.02",
          "product_id": "CSAFPID-0031"
        },
        "product_reference": "CSAFPID-0018",
        "relates_to_product_reference": "CSAFPID-0008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK safeVisionary2 all Firmware versions",
          "product_id": "CSAFPID-0032"
        },
        "product_reference": "CSAFPID-0019",
        "relates_to_product_reference": "CSAFPID-0009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FXL1 with Firmware 1.20.00",
          "product_id": "CSAFPID-0033"
        },
        "product_reference": "CSAFPID-0020",
        "relates_to_product_reference": "CSAFPID-0010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK SE1 with Firmware 1.16.00",
          "product_id": "CSAFPID-0034"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK deTem4 LT Muting A/P  with Firmware 1.10",
          "product_id": "CSAFPID-0035"
        },
        "product_reference": "CSAFPID-0022",
        "relates_to_product_reference": "CSAFPID-0003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK deTem4 Core A/P  with Firmware 1.04 up to 1.10",
          "product_id": "CSAFPID-0036"
        },
        "product_reference": "CSAFPID-0023",
        "relates_to_product_reference": "CSAFPID-0004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK deTem2 Core A/P with Firmware 1.04 up to 1.10",
          "product_id": "CSAFPID-0037"
        },
        "product_reference": "CSAFPID-0024",
        "relates_to_product_reference": "CSAFPID-0005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK ANM58B all Firmware versions",
          "product_id": "CSAFPID-0038"
        },
        "product_reference": "CSAFPID-0025",
        "relates_to_product_reference": "CSAFPID-0012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK ANS58B all Firmware versions",
          "product_id": "CSAFPID-0039"
        },
        "product_reference": "CSAFPID-0026",
        "relates_to_product_reference": "CSAFPID-0013"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-28115",
      "cwe": {
        "id": "CWE-280",
        "name": "Improper Handling of Insufficient Permissions or Privileges "
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ],
      "title": "Privilege Escalation in FreeRTOS Kernel ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled"
    },
    {
      "cve": "CVE-2018-16525",
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to execute arbitrary code or leak information because of a Buffer Overflow during parsing of DNS\\LLMNR packets in prvParseDNSReply.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.1,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 8.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2021-43997",
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "FreeRTOS versions 10.2.0 through 10.4.5 do not prevent non-kernel code from calling the xPortRaisePrivilege internal function to raise privilege. FreeRTOS versions through 10.4.6 do not prevent a third party that has already independently gained the ability to execute injected code to achieve further privilege escalation by branching directly inside a FreeRTOS MPU API wrapper function with a manually crafted stack frame. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with MPU support enabled (i.e. configENABLE_MPU set to 1). These are fixed in V10.5.0 and in V10.4.3-LTS Patch 3.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2021-31571",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in queue.c for queue creation.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2021-32020",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insufficient bounds checking during management of heap memory.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2021-31572",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in stream_buffer.c for a stream buffer.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16601",
      "cwe": {
        "id": "CWE-191",
        "name": "Integer Underflow (Wrap or Wraparound)"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly remote code execution.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.1,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 8.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16526",
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to leak information or execute arbitrary code because of a Buffer Overflow during generation of a protocol checksum in usGenerateProtocolChecksum and prvProcessIPPacket.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.1,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 8.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16523",
      "cwe": {
        "id": "CWE-369",
        "name": "Divide By Zero"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.4,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.4,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16600",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in eARPProcessPacket can be used for information disclosure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 5.9,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16527",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 5.9,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16524",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of TCP options in prvCheckOptions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 5.9,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16599",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of NBNS packets in prvTreatNBNS can be used for information disclosure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 5.9,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16598",
      "cwe": {
        "id": "CWE-441",
        "name": "Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUDPPacket and prvParseDNSReply, any received DNS response is accepted, without confirming it matches a sent DNS request.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalScore": 5.9,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16602",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 5.9,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16603",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds access to TCP source and destination port fields in xProcessReceivedTCPPacket can leak data back to an attacker.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 5.9,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    }
  ]
}

fkie_cve-2024-28115

Vulnerability from fkie_nvd

Published

2024-03-07 21:15

Modified

2024-11-21 09:05

Severity ?

8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2	Release Notes
security-advisories@github.com	https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r	Technical Description, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r	Technical Description, Vendor Advisory

Impacted products

	Vendor	Product	Version
	amazon	freertos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:amazon:freertos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA95DB2-A48A-46A8-B589-F17236ECB4AC",
              "versionEndExcluding": "10.6.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper. "
    },
    {
      "lang": "es",
      "value": "FreeRTOS es un sistema operativo en tiempo real para microcontroladores. Las versiones del kernel de FreeRTOS hasta la 10.6.1 no protegen suficientemente contra la escalada de privilegios locales a trav\u00e9s de t\u00e9cnicas de programaci\u00f3n orientada al retorno en caso de que exista una vulnerabilidad que permita la inyecci\u00f3n y ejecuci\u00f3n de c\u00f3digo. Estos problemas afectan a los puertos MPU ARMv7-M y a los puertos ARMv8-M con soporte de unidad protegida de memoria (MPU) habilitado (es decir, `configENABLE_MPU` establecido en 1). Estos problemas se solucionan en la versi\u00f3n 10.6.2 con un nuevo contenedor MPU."
    }
  ],
  "id": "CVE-2024-28115",
  "lastModified": "2024-11-21T09:05:50.867",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 6.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-03-07T21:15:08.567",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Technical Description",
        "Vendor Advisory"
      ],
      "url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Technical Description",
        "Vendor Advisory"
      ],
      "url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

tid-206

Vulnerability from emb3d

Type

system-software

Link

Show details on source website

Description

While the use of memory permissions, such as non-executable stack and heap memory, can prevent threat actors from injecting and executing malicious code, it is still possible to leverage a process’s existing code to perform a malicious function. For example, Return Oriented Programming (ROP) is a technique used by threat actors where once a process’s stack can be overwritten, a series of “returns” to portions of code within the process can be leveraged to cause an intended malicious function. This can include “returns” to existing libraries (e.g., libc), or other instruction sequences already in memory of that process. The exploitation of this threat may be possible through TID-219, and may also be enabled by the exploitation of TID-219.

CWE

CWE-284: Improper Access Control

gsd-2024-28115

Vulnerability from gsd

Modified

2024-03-05 06:02

Details

Aliases

CVE-2024-28115

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-28115"
      ],
      "details": "FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper. ",
      "id": "GSD-2024-28115",
      "modified": "2024-03-05T06:02:29.201331Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2024-28115",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "FreeRTOS-Kernel",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003c 10.6.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "FreeRTOS"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper. "
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-284",
                "lang": "eng",
                "value": "CWE-284: Improper Access Control"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r",
            "refsource": "MISC",
            "url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r"
          },
          {
            "name": "https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2",
            "refsource": "MISC",
            "url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-xcv7-v92w-gq6r",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper. "
          },
          {
            "lang": "es",
            "value": "FreeRTOS es un sistema operativo en tiempo real para microcontroladores. Las versiones del kernel de FreeRTOS hasta la 10.6.1 no protegen suficientemente contra la escalada de privilegios locales a trav\u00e9s de t\u00e9cnicas de programaci\u00f3n orientada al retorno en caso de que exista una vulnerabilidad que permita la inyecci\u00f3n y ejecuci\u00f3n de c\u00f3digo. Estos problemas afectan a los puertos MPU ARMv7-M y a los puertos ARMv8-M con soporte de unidad protegida de memoria (MPU) habilitado (es decir, `configENABLE_MPU` establecido en 1). Estos problemas se solucionan en la versi\u00f3n 10.6.2 con un nuevo contenedor MPU."
          }
        ],
        "id": "CVE-2024-28115",
        "lastModified": "2024-03-08T14:02:57.420",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.0,
              "impactScore": 6.0,
              "source": "security-advisories@github.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2024-03-07T21:15:08.567",
        "references": [
          {
            "source": "security-advisories@github.com",
            "url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2"
          },
          {
            "source": "security-advisories@github.com",
            "url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r"
          }
        ],
        "sourceIdentifier": "security-advisories@github.com",
        "vulnStatus": "Awaiting Analysis",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-284"
              }
            ],
            "source": "security-advisories@github.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2024-28115 (GCVE-0-2024-28115)

Vulnerability from cvelistv5

sca-2025-0003

Vulnerability from csaf_sick

fkie_cve-2024-28115

Vulnerability from fkie_nvd

tid-206

Vulnerability from emb3d

gsd-2024-28115

Vulnerability from gsd

Tags

Sightings

Nomenclature