Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2024-54092
Vulnerability from cvelistv5
Published
2025-04-08 08:22
Modified
2025-04-08 13:27
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All versions), Industrial Edge Device Kit - arm64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - arm64 V1.21 (All versions < V1.21.1-1), Industrial Edge Device Kit - x86-64 V1.17 (All versions), Industrial Edge Device Kit - x86-64 V1.18 (All versions), Industrial Edge Device Kit - x86-64 V1.19 (All versions), Industrial Edge Device Kit - x86-64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - x86-64 V1.21 (All versions < V1.21.1-1), Industrial Edge Own Device (IEOD) (All versions < V1.21.1-1-a), Industrial Edge Virtual Device (All versions < V1.21.1-1-a), SCALANCE LPE9413 (6GK5998-3GS01-2AC2) (All versions), SIMATIC IPC BX-39A Industrial Edge Device (All versions < V3.0), SIMATIC IPC BX-59A Industrial Edge Device (All versions < V3.0), SIMATIC IPC127E Industrial Edge Device (All versions < V3.0), SIMATIC IPC227E Industrial Edge Device (All versions < V3.0), SIMATIC IPC427E Industrial Edge Device (All versions < V3.0), SIMATIC IPC847E Industrial Edge Device (All versions < V3.0). Affected devices do not properly enforce user authentication on specific API endpoints when identity federation is used. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that identity federation is currently or has previously been used and the attacker has learned the identity of a legitimate user.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-54092", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-04-08T13:27:19.071254Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-08T13:27:35.300Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "Industrial Edge Device Kit - arm64 V1.17", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Industrial Edge Device Kit - arm64 V1.18", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Industrial Edge Device Kit - arm64 V1.19", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Industrial Edge Device Kit - arm64 V1.20", vendor: "Siemens", versions: [ { lessThan: "V1.20.2-1", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Industrial Edge Device Kit - arm64 V1.21", vendor: "Siemens", versions: [ { lessThan: "V1.21.1-1", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Industrial Edge Device Kit - x86-64 V1.17", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Industrial Edge Device Kit - x86-64 V1.18", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Industrial Edge Device Kit - x86-64 V1.19", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Industrial Edge Device Kit - x86-64 V1.20", vendor: "Siemens", versions: [ { lessThan: "V1.20.2-1", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Industrial Edge Device Kit - x86-64 V1.21", vendor: "Siemens", versions: [ { lessThan: "V1.21.1-1", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Industrial Edge Own Device (IEOD)", vendor: "Siemens", versions: [ { lessThan: "V1.21.1-1-a", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "Industrial Edge Virtual Device", vendor: "Siemens", versions: [ { lessThan: "V1.21.1-1-a", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SCALANCE LPE9413", vendor: "Siemens", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC BX-39A Industrial Edge Device", vendor: "Siemens", versions: [ { lessThan: "V3.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC BX-59A Industrial Edge Device", vendor: "Siemens", versions: [ { lessThan: "V3.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC127E Industrial Edge Device", vendor: "Siemens", versions: [ { lessThan: "V3.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC227E Industrial Edge Device", vendor: "Siemens", versions: [ { lessThan: "V3.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC427E Industrial Edge Device", vendor: "Siemens", versions: [ { lessThan: "V3.0", status: "affected", version: "0", versionType: "custom", }, ], }, { defaultStatus: "unknown", product: "SIMATIC IPC847E Industrial Edge Device", vendor: "Siemens", versions: [ { lessThan: "V3.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All versions), Industrial Edge Device Kit - arm64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - arm64 V1.21 (All versions < V1.21.1-1), Industrial Edge Device Kit - x86-64 V1.17 (All versions), Industrial Edge Device Kit - x86-64 V1.18 (All versions), Industrial Edge Device Kit - x86-64 V1.19 (All versions), Industrial Edge Device Kit - x86-64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - x86-64 V1.21 (All versions < V1.21.1-1), Industrial Edge Own Device (IEOD) (All versions < V1.21.1-1-a), Industrial Edge Virtual Device (All versions < V1.21.1-1-a), SCALANCE LPE9413 (6GK5998-3GS01-2AC2) (All versions), SIMATIC IPC BX-39A Industrial Edge Device (All versions < V3.0), SIMATIC IPC BX-59A Industrial Edge Device (All versions < V3.0), SIMATIC IPC127E Industrial Edge Device (All versions < V3.0), SIMATIC IPC227E Industrial Edge Device (All versions < V3.0), SIMATIC IPC427E Industrial Edge Device (All versions < V3.0), SIMATIC IPC847E Industrial Edge Device (All versions < V3.0). Affected devices do not properly enforce user authentication on specific API endpoints when identity federation is used. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that identity federation is currently or has previously been used and the attacker has learned the identity of a legitimate user.", }, ], metrics: [ { cvssV3_1: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { cvssV4_0: { baseScore: 9.3, baseSeverity: "CRITICAL", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", version: "4.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1390", description: "CWE-1390: Weak Authentication", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-08T08:22:24.861Z", orgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", shortName: "siemens", }, references: [ { url: "https://cert-portal.siemens.com/productcert/html/ssa-634640.html", }, { url: "https://cert-portal.siemens.com/productcert/html/ssa-819629.html", }, ], }, }, cveMetadata: { assignerOrgId: "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", assignerShortName: "siemens", cveId: "CVE-2024-54092", datePublished: "2025-04-08T08:22:24.861Z", dateReserved: "2024-11-28T13:06:14.569Z", dateUpdated: "2025-04-08T13:27:35.300Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2024-54092\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2025-04-08T09:15:23.320\",\"lastModified\":\"2025-04-08T18:13:53.347\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All versions), Industrial Edge Device Kit - arm64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - arm64 V1.21 (All versions < V1.21.1-1), Industrial Edge Device Kit - x86-64 V1.17 (All versions), Industrial Edge Device Kit - x86-64 V1.18 (All versions), Industrial Edge Device Kit - x86-64 V1.19 (All versions), Industrial Edge Device Kit - x86-64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - x86-64 V1.21 (All versions < V1.21.1-1), Industrial Edge Own Device (IEOD) (All versions < V1.21.1-1-a), Industrial Edge Virtual Device (All versions < V1.21.1-1-a), SCALANCE LPE9413 (6GK5998-3GS01-2AC2) (All versions), SIMATIC IPC BX-39A Industrial Edge Device (All versions < V3.0), SIMATIC IPC BX-59A Industrial Edge Device (All versions < V3.0), SIMATIC IPC127E Industrial Edge Device (All versions < V3.0), SIMATIC IPC227E Industrial Edge Device (All versions < V3.0), SIMATIC IPC427E Industrial Edge Device (All versions < V3.0), SIMATIC IPC847E Industrial Edge Device (All versions < V3.0). Affected devices do not properly enforce user authentication on specific API endpoints when identity federation is used. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that identity federation is currently or has previously been used and the attacker has learned the identity of a legitimate user.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en Industrial Edge Device Kit - arm64 V1.17 (Todas las versiones), Industrial Edge Device Kit - arm64 V1.18 (Todas las versiones), Industrial Edge Device Kit - arm64 V1.19 (Todas las versiones), Industrial Edge Device Kit - arm64 V1.20 (Todas las versiones < V1.20.2-1), Industrial Edge Device Kit - arm64 V1.21 (Todas las versiones < V1.21.1-1), Industrial Edge Device Kit - x86-64 V1.17 (Todas las versiones), Industrial Edge Device Kit - x86-64 V1.18 (Todas las versiones), Industrial Edge Device Kit - x86-64 V1.19 (Todas las versiones), Industrial Edge Device Kit - x86-64 V1.20 (Todas las versiones < V1.20.2-1), Industrial Edge Device Kit - x86-64 V1.21 (Todas las versiones < V1.21.1-1), Industrial Edge Own Device (IEOD) (Todas las versiones < V1.21.1-1-a), Industrial Edge Device Kit (todas las versiones < V1.21.1-1-a), SCALANCE LPE9413 (6GK5998-3GS01-2AC2) (todas las versiones), SIMATIC IPC BX-39A Industrial Edge Device (todas las versiones < V3.0), SIMATIC IPC BX-59A Industrial Edge Device (todas las versiones < V3.0), SIMATIC IPC127E Industrial Edge Device (todas las versiones < V3.0), SIMATIC IPC227E Industrial Edge Device (todas las versiones < V3.0), SIMATIC IPC427E Industrial Edge Device (todas las versiones < V3.0), SIMATIC IPC847E Industrial Edge Device (todas las versiones < V3.0). Los dispositivos afectados no aplican correctamente la autenticación de usuario en endpoints de API específicos cuando se utiliza la federación de identidades. Esto podría facilitar que un atacante remoto no autenticado eluda la autenticación y se haga pasar por un usuario legítimo. Para una explotación exitosa es necesario que la federación de identidad esté actualmente en uso o se haya utilizado anteriormente y que el atacante haya conocido la identidad de un usuario legítimo.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1390\"}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-634640.html\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-819629.html\",\"source\":\"productcert@siemens.com\"}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-54092\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-08T13:27:19.071254Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-08T13:27:27.031Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\"}}, {\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 9.3, \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\"}}], \"affected\": [{\"vendor\": \"Siemens\", \"product\": \"Industrial Edge Device Kit - arm64 V1.17\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Industrial Edge Device Kit - arm64 V1.18\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Industrial Edge Device Kit - arm64 V1.19\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Industrial Edge Device Kit - arm64 V1.20\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V1.20.2-1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Industrial Edge Device Kit - arm64 V1.21\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V1.21.1-1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Industrial Edge Device Kit - x86-64 V1.17\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Industrial Edge Device Kit - x86-64 V1.18\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Industrial Edge Device Kit - x86-64 V1.19\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Industrial Edge Device Kit - x86-64 V1.20\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V1.20.2-1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Industrial Edge Device Kit - x86-64 V1.21\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V1.21.1-1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Industrial Edge Own Device (IEOD)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V1.21.1-1-a\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Industrial Edge Virtual Device\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V1.21.1-1-a\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SCALANCE LPE9413\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC IPC BX-39A Industrial Edge Device\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC IPC BX-59A Industrial Edge Device\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC IPC127E Industrial Edge Device\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC IPC227E Industrial Edge Device\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC IPC427E Industrial Edge Device\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC IPC847E Industrial Edge Device\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V3.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-634640.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-819629.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All versions), Industrial Edge Device Kit - arm64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - arm64 V1.21 (All versions < V1.21.1-1), Industrial Edge Device Kit - x86-64 V1.17 (All versions), Industrial Edge Device Kit - x86-64 V1.18 (All versions), Industrial Edge Device Kit - x86-64 V1.19 (All versions), Industrial Edge Device Kit - x86-64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - x86-64 V1.21 (All versions < V1.21.1-1), Industrial Edge Own Device (IEOD) (All versions < V1.21.1-1-a), Industrial Edge Virtual Device (All versions < V1.21.1-1-a), SCALANCE LPE9413 (6GK5998-3GS01-2AC2) (All versions), SIMATIC IPC BX-39A Industrial Edge Device (All versions < V3.0), SIMATIC IPC BX-59A Industrial Edge Device (All versions < V3.0), SIMATIC IPC127E Industrial Edge Device (All versions < V3.0), SIMATIC IPC227E Industrial Edge Device (All versions < V3.0), SIMATIC IPC427E Industrial Edge Device (All versions < V3.0), SIMATIC IPC847E Industrial Edge Device (All versions < V3.0). Affected devices do not properly enforce user authentication on specific API endpoints when identity federation is used. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that identity federation is currently or has previously been used and the attacker has learned the identity of a legitimate user.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1390\", \"description\": \"CWE-1390: Weak Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"shortName\": \"siemens\", \"dateUpdated\": \"2025-04-08T08:22:24.861Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2024-54092\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-08T13:27:35.300Z\", \"dateReserved\": \"2024-11-28T13:06:14.569Z\", \"assignerOrgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"datePublished\": \"2025-04-08T08:22:24.861Z\", \"assignerShortName\": \"siemens\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
ghsa-66rj-6jjf-mmhq
Vulnerability from github
Published
2025-04-08 09:31
Modified
2025-04-08 09:31
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Details
A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All versions), Industrial Edge Device Kit - arm64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - arm64 V1.21 (All versions < V1.21.1-1), Industrial Edge Device Kit - x86-64 V1.17 (All versions), Industrial Edge Device Kit - x86-64 V1.18 (All versions), Industrial Edge Device Kit - x86-64 V1.19 (All versions), Industrial Edge Device Kit - x86-64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - x86-64 V1.21 (All versions < V1.21.1-1), Industrial Edge Own Device (IEOD) (All versions < V1.21.1-1-a), Industrial Edge Virtual Device (All versions < V1.21.1-1-a), SCALANCE LPE9413 (6GK5998-3GS01-2AC2) (All versions), SIMATIC IPC BX-39A Industrial Edge Device (All versions < V3.0), SIMATIC IPC BX-59A Industrial Edge Device (All versions < V3.0), SIMATIC IPC127E Industrial Edge Device (All versions < V3.0), SIMATIC IPC227E Industrial Edge Device (All versions < V3.0), SIMATIC IPC427E Industrial Edge Device (All versions < V3.0), SIMATIC IPC847E Industrial Edge Device (All versions < V3.0). Affected devices do not properly enforce user authentication on specific API endpoints when identity federation is used. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that identity federation is currently or has previously been used and the attacker has learned the identity of a legitimate user.
{ affected: [], aliases: [ "CVE-2024-54092", ], database_specific: { cwe_ids: [ "CWE-1390", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2025-04-08T09:15:23Z", severity: "CRITICAL", }, details: "A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All versions), Industrial Edge Device Kit - arm64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - arm64 V1.21 (All versions < V1.21.1-1), Industrial Edge Device Kit - x86-64 V1.17 (All versions), Industrial Edge Device Kit - x86-64 V1.18 (All versions), Industrial Edge Device Kit - x86-64 V1.19 (All versions), Industrial Edge Device Kit - x86-64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - x86-64 V1.21 (All versions < V1.21.1-1), Industrial Edge Own Device (IEOD) (All versions < V1.21.1-1-a), Industrial Edge Virtual Device (All versions < V1.21.1-1-a), SCALANCE LPE9413 (6GK5998-3GS01-2AC2) (All versions), SIMATIC IPC BX-39A Industrial Edge Device (All versions < V3.0), SIMATIC IPC BX-59A Industrial Edge Device (All versions < V3.0), SIMATIC IPC127E Industrial Edge Device (All versions < V3.0), SIMATIC IPC227E Industrial Edge Device (All versions < V3.0), SIMATIC IPC427E Industrial Edge Device (All versions < V3.0), SIMATIC IPC847E Industrial Edge Device (All versions < V3.0). Affected devices do not properly enforce user authentication on specific API endpoints when identity federation is used. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that identity federation is currently or has previously been used and the attacker has learned the identity of a legitimate user.", id: "GHSA-66rj-6jjf-mmhq", modified: "2025-04-08T09:31:12Z", published: "2025-04-08T09:31:12Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-54092", }, { type: "WEB", url: "https://cert-portal.siemens.com/productcert/html/ssa-634640.html", }, { type: "WEB", url: "https://cert-portal.siemens.com/productcert/html/ssa-819629.html", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", type: "CVSS_V3", }, { score: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", type: "CVSS_V4", }, ], }
ncsc-2025-0106
Vulnerability from csaf_ncscnl
Published
2025-04-08 13:57
Modified
2025-04-08 13:57
Summary
Kwetsbaarheden verholpen in Siemens producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Siemens heeft kwetsbaarheden verholpen in diverse producten als Industrial Edge Devices, Mendix, SENTRON, SIDIS, SIMATIC, SIPLUS,Insights Hub Private Cloud, Siemens License Server en Solid Edge.
Interpretaties
De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipulatie van gegevens
- Omzeilen van een beveiligingsmaatregel
- Omzeilen van authenticatie
- (Remote) code execution (root/admin rechten)
- (Remote) code execution (Gebruikersrechten)
- Toegang tot systeemgegevens
- Toegang tot gevoelige gegevens
- Spoofing
De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.
Oplossingen
Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.
Dreigingsinformatie
Kans
medium
Schade
high
CWE-287
Improper Authentication
CWE-1240
Use of a Cryptographic Primitive with a Risky Implementation
CWE-606
Unchecked Input for Loop Condition
CWE-1395
Dependency on Vulnerable Third-Party Component
CWE-363
Race Condition Enabling Link Following
CWE-420
Unprotected Alternate Channel
CWE-684
Incorrect Provision of Specified Functionality
CWE-834
Excessive Iteration
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-440
Expected Behavior Violation
CWE-754
Improper Check for Unusual or Exceptional Conditions
CWE-319
Cleartext Transmission of Sensitive Information
CWE-354
Improper Validation of Integrity Check Value
CWE-325
Missing Cryptographic Step
CWE-404
Improper Resource Shutdown or Release
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-1333
Inefficient Regular Expression Complexity
CWE-416
Use After Free
CWE-476
NULL Pointer Dereference
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
CWE-400
Uncontrolled Resource Consumption
CWE-787
Out-of-bounds Write
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-122
Heap-based Buffer Overflow
CWE-20
Improper Input Validation
CWE-1390
Weak Authentication
CWE-204
Observable Response Discrepancy
CWE-15
External Control of System or Configuration Setting
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-653
Improper Isolation or Compartmentalization
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-620
Unverified Password Change
CWE-798
Use of Hard-coded Credentials
CWE-269
Improper Privilege Management
CWE-295
Improper Certificate Validation
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Siemens heeft kwetsbaarheden verholpen in diverse producten als Industrial Edge Devices, Mendix, SENTRON, SIDIS, SIMATIC, SIPLUS,Insights Hub Private Cloud, Siemens License Server en Solid Edge.", title: "Feiten", }, { category: "description", text: "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- Omzeilen van authenticatie\n- (Remote) code execution (root/admin rechten)\n- (Remote) code execution (Gebruikersrechten)\n- Toegang tot systeemgegevens\n- Toegang tot gevoelige gegevens\n- Spoofing\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.", title: "Interpretaties", }, { category: "description", text: "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "description", text: " ", title: "Dreigingsinformatie", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Improper Authentication", title: "CWE-287", }, { category: "general", text: "Use of a Cryptographic Primitive with a Risky Implementation", title: "CWE-1240", }, { category: "general", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "general", text: "Dependency on Vulnerable Third-Party Component", title: "CWE-1395", }, { category: "general", text: "Race Condition Enabling Link Following", title: "CWE-363", }, { category: "general", text: "Unprotected Alternate Channel", title: "CWE-420", }, { category: "general", text: "Incorrect Provision of Specified Functionality", title: "CWE-684", }, { category: "general", text: "Excessive Iteration", title: "CWE-834", }, { category: "general", text: "Time-of-check Time-of-use (TOCTOU) Race Condition", title: "CWE-367", }, { category: "general", text: "Expected Behavior Violation", title: "CWE-440", }, { category: "general", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, { category: "general", text: "Cleartext Transmission of Sensitive Information", title: "CWE-319", }, { category: "general", text: "Improper Validation of Integrity Check Value", title: "CWE-354", }, { category: "general", text: "Missing Cryptographic Step", title: "CWE-325", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Use of a Broken or Risky Cryptographic Algorithm", title: "CWE-327", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Weak Authentication", title: "CWE-1390", }, { category: "general", text: "Observable Response Discrepancy", title: "CWE-204", }, { category: "general", text: "External Control of System or Configuration Setting", title: "CWE-15", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Improper Isolation or Compartmentalization", title: "CWE-653", }, { category: "general", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "general", text: "Unverified Password Change", title: "CWE-620", }, { category: "general", text: "Use of Hard-coded Credentials", title: "CWE-798", }, { category: "general", text: "Improper Privilege Management", title: "CWE-269", }, { category: "general", text: "Improper Certificate Validation", title: "CWE-295", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-187636.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-277137.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-525431.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-634640.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-672923.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-725549.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-819629.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-874353.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-817234.pdf", }, ], title: "Kwetsbaarheden verholpen in Siemens producten", tracking: { current_release_date: "2025-04-08T13:57:11.959816Z", generator: { date: "2025-02-25T15:15:00Z", engine: { name: "V.A.", version: "1.0", }, }, id: "NCSC-2025-0106", initial_release_date: "2025-04-08T13:57:11.959816Z", revision_history: [ { date: "2025-04-08T13:57:11.959816Z", number: "1.0.0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "vers:unknown/<v1.21.1-1-a", product: { name: "vers:unknown/<v1.21.1-1-a", product_id: "CSAFPID-2631845", }, }, ], category: "product_name", name: "Industrial Edge Own Device (IEOD)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v1.21.1-1", product: { name: "vers:unknown/<v1.21.1-1", product_id: "CSAFPID-2631844", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - x86-64 V1.21", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v1.20.2-1", product: { name: "vers:unknown/<v1.20.2-1", product_id: "CSAFPID-2631843", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - x86-64 V1.20", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631842", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - x86-64 V1.19", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631841", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - x86-64 V1.18", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631840", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - x86-64 V1.17", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v1.21.1-1", product: { name: "vers:unknown/<v1.21.1-1", product_id: "CSAFPID-2631839", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - arm64 V1.21", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v1.20.2-1", product: { name: "vers:unknown/<v1.20.2-1", product_id: "CSAFPID-2631838", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - arm64 V1.20", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631837", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - arm64 V1.19", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631836", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - arm64 V1.18", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631835", }, }, ], category: "product_name", name: "Industrial Edge Device Kit - arm64 V1.17", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631900", }, }, ], category: "product_name", name: "SENTRON 7KT PAC1260 Data Manager", }, { branches: [ { category: "product_version_range", name: "vers:unknown/4.0", product: { name: "vers:unknown/4.0", product_id: "CSAFPID-2632341", }, }, { category: "product_version_range", name: "vers:unknown/4.1", product: { name: "vers:unknown/4.1", product_id: "CSAFPID-2632342", }, }, { category: "product_version_range", name: "vers:unknown/4.2", product: { name: "vers:unknown/4.2", product_id: "CSAFPID-2632343", }, }, ], category: "product_name", name: "License Server", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v4.3", product: { name: "vers:unknown/<v4.3", product_id: "CSAFPID-2631790", }, }, ], category: "product_name", name: "Siemens License Server (SLS)", }, { branches: [ { branches: [ { category: "product_version_range", name: "vers:siemens/224.0 update 12", product: { name: "vers:siemens/224.0 update 12", product_id: "CSAFPID-2632460", }, }, { category: "product_version_range", name: "vers:siemens/225.0 update 3", product: { name: "vers:siemens/225.0 update 3", product_id: "CSAFPID-2632459", }, }, ], category: "product_name", name: "Solid Edge", }, { branches: [ { category: "product_version_range", name: "vers:siemens/v224.0 update 12", product: { name: "vers:siemens/v224.0 update 12", product_id: "CSAFPID-2632083", }, }, ], category: "product_name", name: "Solid_Edge_Se2024", }, { branches: [ { category: "product_version_range", name: "vers:siemens/2.0 sp1", product: { name: "vers:siemens/2.0 sp1", product_id: "CSAFPID-1211926", }, }, ], category: "product_name", name: "SINEC Network Management System", }, { branches: [ { category: "product_version_range", name: "vers:unknown/none", product: { name: "vers:unknown/none", product_id: "CSAFPID-2619361", }, }, ], category: "product_name", name: "Siemens Simatic S7-1500 Tm Mfp", }, { branches: [ { category: "product_version_range", name: "vers:unknown/>=3|<312", product: { name: "vers:unknown/>=3|<312", product_id: "CSAFPID-1209122", }, }, ], category: "product_name", name: "Siemens Telecontrol Server Basic", }, ], category: "product_family", name: "Siemens", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v224.0update12", product: { name: "vers:unknown/<v224.0update12", product_id: "CSAFPID-2631854", }, }, ], category: "product_name", name: "Solid Edge SE2024", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v225.0update3", product: { name: "vers:unknown/<v225.0update3", product_id: "CSAFPID-2631855", }, }, ], category: "product_name", name: "Solid Edge SE2025", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v2.0.0", product: { name: "vers:unknown/<v2.0.0", product_id: "CSAFPID-1296722", }, }, ], category: "product_name", name: "SIMATIC CFU DIQ", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v2.0", product: { name: "vers:unknown/<v2.0", product_id: "CSAFPID-2631923", }, }, { category: "product_version_range", name: "vers:unknown/<v2.0.0", product: { name: "vers:unknown/<v2.0.0", product_id: "CSAFPID-1296723", }, }, ], category: "product_name", name: "SIMATIC CFU PA", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631924", }, }, ], category: "product_name", name: "SIMATIC ET 200AL IM 157-1 PN", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631925", }, }, ], category: "product_name", name: "SIMATIC ET 200M IM 153-4 PN IO HF", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631926", }, }, ], category: "product_name", name: "SIMATIC ET 200M IM 153-4 PN IO ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631927", }, }, ], category: "product_name", name: "SIMATIC ET 200MP IM 155-5 PN BA", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631928", }, }, ], category: "product_name", name: "SIMATIC ET 200MP IM 155-5 PN HF", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631929", }, }, ], category: "product_name", name: "SIMATIC ET 200MP IM 155-5 PN ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631932", }, }, ], category: "product_name", name: "SIMATIC ET 200S IM 151-3 PN FO", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631933", }, }, ], category: "product_name", name: "SIMATIC ET 200S IM 151-3 PN HF", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631934", }, }, ], category: "product_name", name: "SIMATIC ET 200S IM 151-3 PN HS", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631935", }, }, ], category: "product_name", name: "SIMATIC ET 200S IM 151-3 PN ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-1765658", }, }, ], category: "product_name", name: "SIMATIC ET 200S IM 151-8 PN/DP CPU", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-1765659", }, }, ], category: "product_name", name: "SIMATIC ET 200S IM 151-8F PN/DP CPU", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631856", }, }, ], category: "product_name", name: "SIMATIC ET 200SP CPU 1510SP F-1 PN", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631858", }, }, ], category: "product_name", name: "SIMATIC ET 200SP CPU 1510SP-1 PN", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631860", }, }, ], category: "product_name", name: "SIMATIC ET 200SP CPU 1512SP F-1 PN", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631862", }, }, ], category: "product_name", name: "SIMATIC ET 200SP CPU 1512SP-1 PN", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-1765660", }, }, ], category: "product_name", name: "SIMATIC ET 200SP IM 155-6 MF HF", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631936", }, }, ], category: "product_name", name: "SIMATIC ET 200SP IM 155-6 PN BA", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v1.3", product: { name: "vers:unknown/<v1.3", product_id: "CSAFPID-2631937", }, }, ], category: "product_name", name: "SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631938", }, }, ], category: "product_name", name: "SIMATIC ET 200SP IM 155-6 PN HF", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631939", }, }, ], category: "product_name", name: "SIMATIC ET 200SP IM 155-6 PN HS", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631940", }, }, ], category: "product_name", name: "SIMATIC ET 200SP IM 155-6 PN ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631920", }, }, ], category: "product_name", name: "SIDOOR ATD430W", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631921", }, }, ], category: "product_name", name: "SIDOOR ATE530G COATED", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631922", }, }, ], category: "product_name", name: "SIDOOR ATE530S COATED", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631967", }, }, ], category: "product_name", name: "SIMOCODE pro V Ethernet/IP (incl. SIPLUS variants)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631968", }, }, ], category: "product_name", name: "SIMOCODE pro V PROFINET", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631969", }, }, ], category: "product_name", name: "SINUMERIK 840D sl", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2632004", }, }, ], category: "product_name", name: "SIWAREX WP231", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2632005", }, }, ], category: "product_name", name: "SIWAREX WP241", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2632006", }, }, ], category: "product_name", name: "SIWAREX WP251", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2632007", }, }, ], category: "product_name", name: "SIWAREX WP521 ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2632008", }, }, ], category: "product_name", name: "SIWAREX WP522 ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631966", }, }, ], category: "product_name", name: "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-1765690", }, }, ], category: "product_name", name: "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-1765691", }, }, ], category: "product_name", name: "SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v8.3", product: { name: "vers:unknown/<v8.3", product_id: "CSAFPID-2459039", }, }, ], category: "product_name", name: "SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631970", }, }, ], category: "product_name", name: "SIPLUS ET 200M IM 153-4 PN IO HF", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631971", }, }, ], category: "product_name", name: "SIPLUS ET 200M IM 153-4 PN IO ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631972", }, }, ], category: "product_name", name: "SIPLUS ET 200MP IM 155-5 PN HF", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631973", }, }, ], category: "product_name", name: "SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631974", }, }, ], category: "product_name", name: "SIPLUS ET 200MP IM 155-5 PN ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631975", }, }, ], category: "product_name", name: "SIPLUS ET 200MP IM 155-5 PN ST TX RAIL", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-1765700", }, }, ], category: "product_name", name: "SIPLUS ET 200S IM 151-8 PN/DP CPU", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-1765701", }, }, ], category: "product_name", name: "SIPLUS ET 200S IM 151-8F PN/DP CPU", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631976", }, }, ], category: "product_name", name: "SIPLUS ET 200S IM151-3 PN HF", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631977", }, }, ], category: "product_name", name: "SIPLUS ET 200S IM151-3 PN ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-1296980", }, }, ], category: "product_name", name: "SIPLUS ET 200SP CPU 1512SP F-1 PN", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631978", }, }, ], category: "product_name", name: "SIPLUS ET 200SP IM 155-6 PN HF", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631979", }, }, ], category: "product_name", name: "SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631980", }, }, ], category: "product_name", name: "SIPLUS ET 200SP IM 155-6 PN HF TX RAIL", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631981", }, }, ], category: "product_name", name: "SIPLUS ET 200SP IM 155-6 PN ST", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631982", }, }, ], category: "product_name", name: "SIPLUS ET 200SP IM 155-6 PN ST BA", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631983", }, }, ], category: "product_name", name: "SIPLUS ET 200SP IM 155-6 PN ST BA TX RAIL", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631984", }, }, ], category: "product_name", name: "SIPLUS ET 200SP IM 155-6 PN ST TX RAIL", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631985", }, }, ], category: "product_name", name: "SIPLUS HCS4200 CIM4210", }, { branches: [ { category: "product_version_range", name: "vers:unknown/10.16.0", product: { name: "vers:unknown/10.16.0", product_id: "CSAFPID-2632402", }, }, ], category: "product_name", name: "Mendix Runtime", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v10.21.0", product: { name: "vers:unknown/<v10.21.0", product_id: "CSAFPID-2631802", }, }, ], category: "product_name", name: "Mendix Runtime V10", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631803", }, }, ], category: "product_name", name: "Mendix Runtime V10.12", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631804", }, }, ], category: "product_name", name: "Mendix Runtime V10.18", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-2631805", }, }, ], category: "product_name", name: "Mendix Runtime V10.6", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<*", product: { name: "vers:unknown/<*", product_id: "CSAFPID-1296837", }, }, ], category: "product_name", name: "Mendix Runtime V8", }, { branches: [ { category: "product_version_range", name: "vers:unknown/<v9.24.34", product: { name: "vers:unknown/<v9.24.34", product_id: "CSAFPID-2631806", }, }, ], category: "product_name", name: "Mendix Runtime V9", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2022-21658", cwe: { id: "CWE-367", name: "Time-of-check Time-of-use (TOCTOU) Race Condition", }, notes: [ { category: "other", text: "Time-of-check Time-of-use (TOCTOU) Race Condition", title: "CWE-367", }, { category: "other", text: "Race Condition Enabling Link Following", title: "CWE-363", }, { category: "other", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2022-21658", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-21658.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2022-21658", }, { cve: "CVE-2023-2975", cwe: { id: "CWE-287", name: "Improper Authentication", }, notes: [ { category: "other", text: "Improper Authentication", title: "CWE-287", }, { category: "other", text: "Improper Validation of Integrity Check Value", title: "CWE-354", }, { category: "other", text: "Use of a Broken or Risky Cryptographic Algorithm", title: "CWE-327", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2023-2975", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2975.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2023-2975", }, { cve: "CVE-2023-3446", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Inefficient Regular Expression Complexity", title: "CWE-1333", }, { category: "other", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "other", text: "Use of a Cryptographic Primitive with a Risky Implementation", title: "CWE-1240", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2023-3446", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3446.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2023-3446", }, { cve: "CVE-2023-3817", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Excessive Iteration", title: "CWE-834", }, { category: "other", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "other", text: "Use of a Cryptographic Primitive with a Risky Implementation", title: "CWE-1240", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2023-3817", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3817.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2023-3817", }, { cve: "CVE-2023-4807", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Expected Behavior Violation", title: "CWE-440", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2023-4807", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4807.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2023-4807", }, { cve: "CVE-2023-5363", cwe: { id: "CWE-325", name: "Missing Cryptographic Step", }, notes: [ { category: "other", text: "Missing Cryptographic Step", title: "CWE-325", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Incorrect Provision of Specified Functionality", title: "CWE-684", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2023-5363", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5363.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2023-5363", }, { cve: "CVE-2023-5678", cwe: { id: "CWE-754", name: "Improper Check for Unusual or Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, { category: "other", text: "Missing Cryptographic Step", title: "CWE-325", }, { category: "other", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2023-5678", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5678.json", }, ], title: "CVE-2023-5678", }, { cve: "CVE-2023-7104", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2023-7104", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7104.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2023-7104", }, { cve: "CVE-2024-0056", cwe: { id: "CWE-420", name: "Unprotected Alternate Channel", }, notes: [ { category: "other", text: "Unprotected Alternate Channel", title: "CWE-420", }, { category: "other", text: "Cleartext Transmission of Sensitive Information", title: "CWE-319", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-0056", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0056.json", }, ], scores: [ { cvss_v3: { baseScore: 8.7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-0056", }, { cve: "CVE-2024-0232", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-0232", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0232.json", }, ], title: "CVE-2024-0232", }, { cve: "CVE-2024-0727", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-0727", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0727.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-0727", }, { cve: "CVE-2024-5535", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Dependency on Vulnerable Third-Party Component", title: "CWE-1395", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-5535", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5535.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-5535", }, { cve: "CVE-2024-9143", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-9143", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-9143.json", }, ], title: "CVE-2024-9143", }, { cve: "CVE-2024-21319", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-21319", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21319.json", }, ], title: "CVE-2024-21319", }, { cve: "CVE-2024-23814", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-23814", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23814.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-23814", }, { cve: "CVE-2024-30105", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-30105", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30105.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-30105", }, { cve: "CVE-2024-41788", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-41788", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41788.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-41788", }, { cve: "CVE-2024-41789", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-41789", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41789.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-41789", }, { cve: "CVE-2024-41790", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-41790", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41790.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-41790", }, { cve: "CVE-2024-41791", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "other", text: "Missing Authentication for Critical Function", title: "CWE-306", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-41791", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41791.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-41791", }, { cve: "CVE-2024-41792", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-41792", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41792.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-41792", }, { cve: "CVE-2024-41793", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "other", text: "Missing Authentication for Critical Function", title: "CWE-306", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-41793", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41793.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-41793", }, { cve: "CVE-2024-41794", cwe: { id: "CWE-798", name: "Use of Hard-coded Credentials", }, notes: [ { category: "other", text: "Use of Hard-coded Credentials", title: "CWE-798", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-41794", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41794.json", }, ], scores: [ { cvss_v3: { baseScore: 10, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-41794", }, { cve: "CVE-2024-41795", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, notes: [ { category: "other", text: "Cross-Site Request Forgery (CSRF)", title: "CWE-352", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-41795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41795.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-41795", }, { cve: "CVE-2024-41796", cwe: { id: "CWE-620", name: "Unverified Password Change", }, notes: [ { category: "other", text: "Unverified Password Change", title: "CWE-620", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-41796", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41796.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-41796", }, { cve: "CVE-2024-54091", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-54091", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54091.json", }, ], title: "CVE-2024-54091", }, { cve: "CVE-2024-54092", cwe: { id: "CWE-1390", name: "Weak Authentication", }, notes: [ { category: "other", text: "Weak Authentication", title: "CWE-1390", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2024-54092", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54092.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2024-54092", }, { cve: "CVE-2025-30280", cwe: { id: "CWE-204", name: "Observable Response Discrepancy", }, notes: [ { category: "other", text: "Observable Response Discrepancy", title: "CWE-204", }, { category: "general", text: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2025-30280", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30280.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2025-30280", }, { cve: "CVE-2025-1097", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "External Control of System or Configuration Setting", title: "CWE-15", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2025-1097", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-1097.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2025-1097", }, { cve: "CVE-2025-24514", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "External Control of System or Configuration Setting", title: "CWE-15", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2025-24514", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24514.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2025-24514", }, { cve: "CVE-2025-24513", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2025-24513", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-24513.json", }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2025-24513", }, { cve: "CVE-2025-1974", cwe: { id: "CWE-653", name: "Improper Isolation or Compartmentalization", }, notes: [ { category: "other", text: "Improper Isolation or Compartmentalization", title: "CWE-653", }, { category: "other", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2025-1974", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-1974.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2025-1974", }, { cve: "CVE-2025-1098", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "External Control of System or Configuration Setting", title: "CWE-15", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2025-1098", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-1098.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2025-1098", }, { cve: "CVE-2025-29999", cwe: { id: "CWE-269", name: "Improper Privilege Management", }, notes: [ { category: "other", text: "Improper Privilege Management", title: "CWE-269", }, { category: "general", text: "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2025-29999", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-29999.json", }, ], title: "CVE-2025-29999", }, { cve: "CVE-2025-30000", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "other", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "general", text: "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", title: "CVSSV4", }, ], product_status: { known_affected: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, references: [ { category: "self", summary: "CVE-2025-30000", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-30000.json", }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-2631845", "CSAFPID-2631844", "CSAFPID-2631843", "CSAFPID-2631842", "CSAFPID-2631841", "CSAFPID-2631840", "CSAFPID-2631839", "CSAFPID-2631838", "CSAFPID-2631837", "CSAFPID-2631836", "CSAFPID-2631835", "CSAFPID-2631900", "CSAFPID-2632341", "CSAFPID-2632342", "CSAFPID-2632343", "CSAFPID-2631790", "CSAFPID-2632460", "CSAFPID-2632459", "CSAFPID-2631854", "CSAFPID-2631855", "CSAFPID-2632083", "CSAFPID-1296722", "CSAFPID-2631923", "CSAFPID-1296723", "CSAFPID-2631924", "CSAFPID-2631925", "CSAFPID-2631926", "CSAFPID-2631927", "CSAFPID-2631928", "CSAFPID-2631929", "CSAFPID-2631932", "CSAFPID-2631933", "CSAFPID-2631934", "CSAFPID-2631935", "CSAFPID-1765658", "CSAFPID-1765659", "CSAFPID-2631856", "CSAFPID-2631858", "CSAFPID-2631860", "CSAFPID-2631862", "CSAFPID-1765660", "CSAFPID-2631936", "CSAFPID-2631937", "CSAFPID-2631938", "CSAFPID-2631939", "CSAFPID-2631940", "CSAFPID-2631920", "CSAFPID-2631921", "CSAFPID-2631922", "CSAFPID-2631967", "CSAFPID-2631968", "CSAFPID-2631969", "CSAFPID-2632004", "CSAFPID-2632005", "CSAFPID-2632006", "CSAFPID-2632007", "CSAFPID-2632008", "CSAFPID-2631966", "CSAFPID-1765690", "CSAFPID-1765691", "CSAFPID-2459039", "CSAFPID-2631970", "CSAFPID-2631971", "CSAFPID-2631972", "CSAFPID-2631973", "CSAFPID-2631974", "CSAFPID-2631975", "CSAFPID-1765700", "CSAFPID-1765701", "CSAFPID-2631976", "CSAFPID-2631977", "CSAFPID-1296980", "CSAFPID-2631978", "CSAFPID-2631979", "CSAFPID-2631980", "CSAFPID-2631981", "CSAFPID-2631982", "CSAFPID-2631983", "CSAFPID-2631984", "CSAFPID-2631985", "CSAFPID-2632402", "CSAFPID-2631802", "CSAFPID-2631803", "CSAFPID-2631804", "CSAFPID-2631805", "CSAFPID-1296837", "CSAFPID-2631806", "CSAFPID-1211926", "CSAFPID-2619361", "CSAFPID-1209122", ], }, ], title: "CVE-2025-30000", }, ], }
fkie_cve-2024-54092
Vulnerability from fkie_nvd
Published
2025-04-08 09:15
Modified
2025-04-08 18:13
Severity ?
Summary
A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All versions), Industrial Edge Device Kit - arm64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - arm64 V1.21 (All versions < V1.21.1-1), Industrial Edge Device Kit - x86-64 V1.17 (All versions), Industrial Edge Device Kit - x86-64 V1.18 (All versions), Industrial Edge Device Kit - x86-64 V1.19 (All versions), Industrial Edge Device Kit - x86-64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - x86-64 V1.21 (All versions < V1.21.1-1), Industrial Edge Own Device (IEOD) (All versions < V1.21.1-1-a), Industrial Edge Virtual Device (All versions < V1.21.1-1-a), SCALANCE LPE9413 (6GK5998-3GS01-2AC2) (All versions), SIMATIC IPC BX-39A Industrial Edge Device (All versions < V3.0), SIMATIC IPC BX-59A Industrial Edge Device (All versions < V3.0), SIMATIC IPC127E Industrial Edge Device (All versions < V3.0), SIMATIC IPC227E Industrial Edge Device (All versions < V3.0), SIMATIC IPC427E Industrial Edge Device (All versions < V3.0), SIMATIC IPC847E Industrial Edge Device (All versions < V3.0). Affected devices do not properly enforce user authentication on specific API endpoints when identity federation is used. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that identity federation is currently or has previously been used and the attacker has learned the identity of a legitimate user.
References
Impacted products
| Vendor | Product | Version |
|---|
{ cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability has been identified in Industrial Edge Device Kit - arm64 V1.17 (All versions), Industrial Edge Device Kit - arm64 V1.18 (All versions), Industrial Edge Device Kit - arm64 V1.19 (All versions), Industrial Edge Device Kit - arm64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - arm64 V1.21 (All versions < V1.21.1-1), Industrial Edge Device Kit - x86-64 V1.17 (All versions), Industrial Edge Device Kit - x86-64 V1.18 (All versions), Industrial Edge Device Kit - x86-64 V1.19 (All versions), Industrial Edge Device Kit - x86-64 V1.20 (All versions < V1.20.2-1), Industrial Edge Device Kit - x86-64 V1.21 (All versions < V1.21.1-1), Industrial Edge Own Device (IEOD) (All versions < V1.21.1-1-a), Industrial Edge Virtual Device (All versions < V1.21.1-1-a), SCALANCE LPE9413 (6GK5998-3GS01-2AC2) (All versions), SIMATIC IPC BX-39A Industrial Edge Device (All versions < V3.0), SIMATIC IPC BX-59A Industrial Edge Device (All versions < V3.0), SIMATIC IPC127E Industrial Edge Device (All versions < V3.0), SIMATIC IPC227E Industrial Edge Device (All versions < V3.0), SIMATIC IPC427E Industrial Edge Device (All versions < V3.0), SIMATIC IPC847E Industrial Edge Device (All versions < V3.0). Affected devices do not properly enforce user authentication on specific API endpoints when identity federation is used. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that identity federation is currently or has previously been used and the attacker has learned the identity of a legitimate user.", }, { lang: "es", value: "Se ha identificado una vulnerabilidad en Industrial Edge Device Kit - arm64 V1.17 (Todas las versiones), Industrial Edge Device Kit - arm64 V1.18 (Todas las versiones), Industrial Edge Device Kit - arm64 V1.19 (Todas las versiones), Industrial Edge Device Kit - arm64 V1.20 (Todas las versiones < V1.20.2-1), Industrial Edge Device Kit - arm64 V1.21 (Todas las versiones < V1.21.1-1), Industrial Edge Device Kit - x86-64 V1.17 (Todas las versiones), Industrial Edge Device Kit - x86-64 V1.18 (Todas las versiones), Industrial Edge Device Kit - x86-64 V1.19 (Todas las versiones), Industrial Edge Device Kit - x86-64 V1.20 (Todas las versiones < V1.20.2-1), Industrial Edge Device Kit - x86-64 V1.21 (Todas las versiones < V1.21.1-1), Industrial Edge Own Device (IEOD) (Todas las versiones < V1.21.1-1-a), Industrial Edge Device Kit (todas las versiones < V1.21.1-1-a), SCALANCE LPE9413 (6GK5998-3GS01-2AC2) (todas las versiones), SIMATIC IPC BX-39A Industrial Edge Device (todas las versiones < V3.0), SIMATIC IPC BX-59A Industrial Edge Device (todas las versiones < V3.0), SIMATIC IPC127E Industrial Edge Device (todas las versiones < V3.0), SIMATIC IPC227E Industrial Edge Device (todas las versiones < V3.0), SIMATIC IPC427E Industrial Edge Device (todas las versiones < V3.0), SIMATIC IPC847E Industrial Edge Device (todas las versiones < V3.0). Los dispositivos afectados no aplican correctamente la autenticación de usuario en endpoints de API específicos cuando se utiliza la federación de identidades. Esto podría facilitar que un atacante remoto no autenticado eluda la autenticación y se haga pasar por un usuario legítimo. Para una explotación exitosa es necesario que la federación de identidad esté actualmente en uso o se haya utilizado anteriormente y que el atacante haya conocido la identidad de un usuario legítimo.", }, ], id: "CVE-2024-54092", lastModified: "2025-04-08T18:13:53.347", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "productcert@siemens.com", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 9.3, baseSeverity: "CRITICAL", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "NONE", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "HIGH", vulnConfidentialityImpact: "HIGH", vulnIntegrityImpact: "HIGH", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "productcert@siemens.com", type: "Secondary", }, ], }, published: "2025-04-08T09:15:23.320", references: [ { source: "productcert@siemens.com", url: "https://cert-portal.siemens.com/productcert/html/ssa-634640.html", }, { source: "productcert@siemens.com", url: "https://cert-portal.siemens.com/productcert/html/ssa-819629.html", }, ], sourceIdentifier: "productcert@siemens.com", vulnStatus: "Awaiting Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-1390", }, ], source: "productcert@siemens.com", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.