Action not permitted
Modal body text goes here.
Modal Title
Modal Body
Vulnerability from csaf_ncscnl
Published
2024-07-09 18:40
Modified
2024-07-09 18:40
Summary
Kwetsbaarheden verholpen in Siemens Producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Siemens heeft kwetsbaarheden verholpen in diverse producten als Mendix, RUGGEDOM, SIMATIC, SINEMA, SIPROTEC en de Engineering Platforms voor diverse systemen.
Interpretaties
De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipulatie van gegevens
- (Remote) code execution (Administrator/Root rechten)
- (Remote) code execution (Gebruikersrechten)
- Toegang tot systeemgegevens
- Toegang tot gevoelige gegevens
- Verhoogde gebruikersrechten
De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.
Oplossingen
Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-121
Stack-based Buffer Overflow
CWE-125
Out-of-bounds Read
CWE-1325
Improperly Controlled Sequential Memory Allocation
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-222
Truncation of Security-relevant Information
CWE-266
Incorrect Privilege Assignment
CWE-267
Privilege Defined With Unsafe Actions
CWE-286
Incorrect User Management
CWE-307
Improper Restriction of Excessive Authentication Attempts
CWE-326
Inadequate Encryption Strength
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CWE-378
Creation of Temporary File With Insecure Permissions
CWE-400
Uncontrolled Resource Consumption
CWE-425
Direct Request ('Forced Browsing')
CWE-434
Unrestricted Upload of File with Dangerous Type
CWE-476
NULL Pointer Dereference
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CWE-502
Deserialization of Untrusted Data
CWE-547
Use of Hard-coded, Security-relevant Constants
CWE-602
Client-Side Enforcement of Server-Side Security
CWE-732
Incorrect Permission Assignment for Critical Resource
CWE-754
Improper Check for Unusual or Exceptional Conditions
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-787
Out-of-bounds Write
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE-863
Incorrect Authorization
CWE-916
Use of Password Hash With Insufficient Computational Effort
CWE-924
Improper Enforcement of Message Integrity During Transmission in a Communication Channel
{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "nl", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." }, { "category": "description", "text": "Siemens heeft kwetsbaarheden verholpen in diverse producten als Mendix, RUGGEDOM, SIMATIC, SINEMA, SIPROTEC en de Engineering Platforms voor diverse systemen.", "title": "Feiten" }, { "category": "description", "text": "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- (Remote) code execution (Administrator/Root rechten)\n- (Remote) code execution (Gebruikersrechten)\n- Toegang tot systeemgegevens\n- Toegang tot gevoelige gegevens\n- Verhoogde gebruikersrechten\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.", "title": "Interpretaties" }, { "category": "description", "text": "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico\u0027s zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.", "title": "Oplossingen" }, { "category": "general", "text": "medium", "title": "Kans" }, { "category": "general", "text": "high", "title": "Schade" }, { "category": "general", "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer", "title": "CWE-119" }, { "category": "general", "text": "Stack-based Buffer Overflow", "title": "CWE-121" }, { "category": "general", "text": "Out-of-bounds Read", "title": "CWE-125" }, { "category": "general", "text": "Improperly Controlled Sequential Memory Allocation", "title": "CWE-1325" }, { "category": "general", "text": "Exposure of Sensitive Information to an Unauthorized Actor", "title": "CWE-200" }, { "category": "general", "text": "Truncation of Security-relevant Information", "title": "CWE-222" }, { "category": "general", "text": "Incorrect Privilege Assignment", "title": "CWE-266" }, { "category": "general", "text": "Privilege Defined With Unsafe Actions", "title": "CWE-267" }, { "category": "general", "text": "Incorrect User Management", "title": "CWE-286" }, { "category": "general", "text": "Improper Restriction of Excessive Authentication Attempts", "title": "CWE-307" }, { "category": "general", "text": "Inadequate Encryption Strength", "title": "CWE-326" }, { "category": "general", "text": "Exposure of Private Personal Information to an Unauthorized Actor", "title": "CWE-359" }, { "category": "general", "text": "Creation of Temporary File With Insecure Permissions", "title": "CWE-378" }, { "category": "general", "text": "Uncontrolled Resource Consumption", "title": "CWE-400" }, { "category": "general", "text": "Direct Request (\u0027Forced Browsing\u0027)", "title": "CWE-425" }, { "category": "general", "text": "Unrestricted Upload of File with Dangerous Type", "title": "CWE-434" }, { "category": "general", "text": "NULL Pointer Dereference", "title": "CWE-476" }, { "category": "general", "text": "Exposure of Sensitive System Information to an Unauthorized Control Sphere", "title": "CWE-497" }, { "category": "general", "text": "Deserialization of Untrusted Data", "title": "CWE-502" }, { "category": "general", "text": "Use of Hard-coded, Security-relevant Constants", "title": "CWE-547" }, { "category": "general", "text": "Client-Side Enforcement of Server-Side Security", "title": "CWE-602" }, { "category": "general", "text": "Incorrect Permission Assignment for Critical Resource", "title": "CWE-732" }, { "category": "general", "text": "Improper Check for Unusual or Exceptional Conditions", "title": "CWE-754" }, { "category": "general", "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "title": "CWE-77" }, { "category": "general", "text": "Allocation of Resources Without Limits or Throttling", "title": "CWE-770" }, { "category": "general", "text": "Out-of-bounds Write", "title": "CWE-787" }, { "category": "general", "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "title": "CWE-79" }, { "category": "general", "text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)", "title": "CWE-843" }, { "category": "general", "text": "Incorrect Authorization", "title": "CWE-863" }, { "category": "general", "text": "Use of Password Hash With Insufficient Computational Effort", "title": "CWE-916" }, { "category": "general", "text": "Improper Enforcement of Message Integrity During Transmission in a Communication Channel", "title": "CWE-924" } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "Nationaal Cyber Security Centrum", "namespace": "https://www.ncsc.nl/" }, "references": [ { "category": "external", "summary": "Reference - ncscclear; siemens", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-064222.pdf" }, { "category": "external", "summary": "Reference - ncscclear; siemens", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-088132.pdf" }, { "category": "external", "summary": "Reference - ncscclear; siemens", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170375.pdf" }, { "category": "external", "summary": "Reference - ncscclear; siemens", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-313039.pdf" }, { "category": "external", "summary": "Reference - ncscclear; siemens", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-364175.pdf" }, { "category": "external", "summary": "Reference - ncscclear; siemens", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-381581.pdf" }, { "category": "external", "summary": "Reference - ncscclear; siemens", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-698820.pdf" }, { "category": "external", "summary": "Reference - ncscclear; siemens", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-722010.pdf" }, { "category": "external", "summary": "Reference - siemens", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723487.pdf" }, { "category": "external", "summary": "Reference - ncscclear; siemens", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-750499.pdf" }, { "category": "external", "summary": "Reference - ncscclear; siemens", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-779936.pdf" }, { "category": "external", "summary": "Reference - ncscclear; siemens", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-824889.pdf" }, { "category": "external", "summary": "Reference - ncscclear; siemens", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-868282.pdf" }, { "category": "external", "summary": "Reference - ncscclear; siemens", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-883918.pdf" }, { "category": "external", "summary": "Reference - ncscclear; siemens", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-928781.pdf" }, { "category": "external", "summary": "Reference - ncscclear; siemens", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-998949.pdf" } ], "title": "Kwetsbaarheden verholpen in Siemens Producten", "tracking": { "current_release_date": "2024-07-09T18:40:57.534939Z", "id": "NCSC-2024-0282", "initial_release_date": "2024-07-09T18:40:57.534939Z", "revision_history": [ { "date": "2024-07-09T18:40:57.534939Z", "number": "0", "summary": "Initiele versie" } ], "status": "final", "version": "1.0.0" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "jt_open", "product": { "name": "jt_open", "product_id": "CSAFPID-1497083", "product_identification_helper": { "cpe": "cpe:2.3:a:siemens:jt_open:0:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "mendix_encryption", "product": { "name": "mendix_encryption", "product_id": "CSAFPID-1497113", "product_identification_helper": { "cpe": "cpe:2.3:a:siemens:mendix_encryption:v10.0.0:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "plm_xml_sdk", "product": { "name": "plm_xml_sdk", "product_id": "CSAFPID-1497084", "product_identification_helper": { "cpe": "cpe:2.3:a:siemens:plm_xml_sdk:0:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "ps_iges_parasolid_translator_component", "product": { "name": "ps_iges_parasolid_translator_component", "product_id": "CSAFPID-1464909", "product_identification_helper": { "cpe": "cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:0:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "ruggedcom_i800", "product": { "name": "ruggedcom_i800", "product_id": "CSAFPID-1496944", "product_identification_helper": { "cpe": "cpe:2.3:a:siemens:ruggedcom_i800:0:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "ruggedcom_i800", "product": { "name": "ruggedcom_i800", "product_id": "CSAFPID-1497438", "product_identification_helper": { "cpe": "cpe:2.3:a:siemens:ruggedcom_i800:4.3.0:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "ruggedcom_i800", "product": { "name": "ruggedcom_i800", "product_id": "CSAFPID-1497459", "product_identification_helper": { "cpe": "cpe:2.3:a:siemens:ruggedcom_i800:4.3.2:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "ruggedcom_i800", "product": { "name": "ruggedcom_i800", "product_id": "CSAFPID-1497481", "product_identification_helper": { "cpe": "cpe:2.3:a:siemens:ruggedcom_i800:4.3.3:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "ruggedcom_i800", "product": { "name": "ruggedcom_i800", "product_id": "CSAFPID-1497482", "product_identification_helper": { "cpe": "cpe:2.3:a:siemens:ruggedcom_i800:4.3.4:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "ruggedcom_i800", "product": { "name": "ruggedcom_i800", "product_id": "CSAFPID-1497428", "product_identification_helper": { "cpe": "cpe:2.3:a:siemens:ruggedcom_i800:4.3.5:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "ruggedcom_i800", "product": { "name": "ruggedcom_i800", "product_id": "CSAFPID-1497379", "product_identification_helper": { "cpe": "cpe:2.3:a:siemens:ruggedcom_i800:4.3.6:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "ruggedcom_i800", "product": { "name": "ruggedcom_i800", "product_id": "CSAFPID-1497388", "product_identification_helper": { "cpe": "cpe:2.3:a:siemens:ruggedcom_i800:4.3.7:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "ruggedcom_i800", "product": { "name": "ruggedcom_i800", "product_id": "CSAFPID-1498045", "product_identification_helper": { "cpe": "cpe:2.3:a:siemens:ruggedcom_i800:4.3.8:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "ruggedcom_i800", "product": { "name": "ruggedcom_i800", "product_id": "CSAFPID-1497498", "product_identification_helper": { "cpe": "cpe:2.3:a:siemens:ruggedcom_i800:4.3.9:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "ruggedcom_i800nc", "product": { "name": "ruggedcom_i800nc", "product_id": "CSAFPID-1496945", "product_identification_helper": { "cpe": "cpe:2.3:a:siemens:ruggedcom_i800nc:0:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "ruggedcom_i800nc", "product": { "name": "ruggedcom_i800nc", "product_id": "CSAFPID-1497536", "product_identification_helper": { "cpe": "cpe:2.3:a:siemens:ruggedcom_i800nc:4.3.0:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "ruggedcom", "product": { "name": "ruggedcom", "product_id": "CSAFPID-1498050", "product_identification_helper": { "cpe": "cpe:2.3:a:siemens:ruggedcom:4.3.0:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "ruggedcom", "product": { "name": "ruggedcom", "product_id": "CSAFPID-1497507", "product_identification_helper": { "cpe": "cpe:2.3:a:siemens:ruggedcom:4.3.1:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "ruggedcom", "product": { "name": "ruggedcom", "product_id": "CSAFPID-1498073", "product_identification_helper": { "cpe": "cpe:2.3:a:siemens:ruggedcom:4.3.2:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "ruggedcom", "product": { "name": "ruggedcom", "product_id": "CSAFPID-1497596", "product_identification_helper": { "cpe": "cpe:2.3:a:siemens:ruggedcom:4.3.3:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "ruggedcom", "product": { "name": "ruggedcom", "product_id": "CSAFPID-1497876", "product_identification_helper": { "cpe": "cpe:2.3:a:siemens:ruggedcom:4.3.4:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "ruggedcom", "product": { "name": "ruggedcom", "product_id": "CSAFPID-1497817", "product_identification_helper": { "cpe": "cpe:2.3:a:siemens:ruggedcom:4.3.5:*:*:*:*:*:*:*" } } } ], "category": "vendor", "name": "siemens" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-32260", "cwe": { "id": "CWE-286", "name": "Incorrect User Management" }, "notes": [ { "category": "other", "text": "Incorrect User Management", "title": "CWE-286" } ], "references": [ { "category": "self", "summary": "CVE-2022-32260", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-32260.json" } ], "title": "CVE-2022-32260" }, { "cve": "CVE-2023-7066", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" } ], "references": [ { "category": "self", "summary": "CVE-2023-7066", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7066.json" } ], "title": "CVE-2023-7066" }, { "cve": "CVE-2023-27321", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "other", "text": "Uncontrolled Resource Consumption", "title": "CWE-400" }, { "category": "other", "text": "NULL Pointer Dereference", "title": "CWE-476" }, { "category": "other", "text": "Improperly Controlled Sequential Memory Allocation", "title": "CWE-1325" } ], "references": [ { "category": "self", "summary": "CVE-2023-27321", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-27321.json" } ], "title": "CVE-2023-27321" }, { "cve": "CVE-2023-32735", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "notes": [ { "category": "other", "text": "Deserialization of Untrusted Data", "title": "CWE-502" } ], "references": [ { "category": "self", "summary": "CVE-2023-32735", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-32735.json" } ], "title": "CVE-2023-32735" }, { "cve": "CVE-2023-32737", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "notes": [ { "category": "other", "text": "Deserialization of Untrusted Data", "title": "CWE-502" } ], "references": [ { "category": "self", "summary": "CVE-2023-32737", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-32737.json" } ], "title": "CVE-2023-32737" }, { "cve": "CVE-2023-46720", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Stack-based Buffer Overflow", "title": "CWE-121" } ], "references": [ { "category": "self", "summary": "CVE-2023-46720", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46720.json" } ], "title": "CVE-2023-46720" }, { "cve": "CVE-2023-48795", "cwe": { "id": "CWE-222", "name": "Truncation of Security-relevant Information" }, "notes": [ { "category": "other", "text": "Truncation of Security-relevant Information", "title": "CWE-222" } ], "references": [ { "category": "self", "summary": "CVE-2023-48795", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json" } ], "title": "CVE-2023-48795" }, { "cve": "CVE-2023-52237", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "other", "text": "Exposure of Sensitive Information to an Unauthorized Actor", "title": "CWE-200" } ], "product_status": { "known_affected": [ "CSAFPID-1496944", "CSAFPID-1496945" ] }, "references": [ { "category": "self", "summary": "CVE-2023-52237", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52237.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "products": [ "CSAFPID-1496944", "CSAFPID-1496945" ] } ], "title": "CVE-2023-52237" }, { "cve": "CVE-2023-52238", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "other", "text": "Exposure of Sensitive Information to an Unauthorized Actor", "title": "CWE-200" } ], "references": [ { "category": "self", "summary": "CVE-2023-52238", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52238.json" } ], "title": "CVE-2023-52238" }, { "cve": "CVE-2023-52891", "cwe": { "id": "CWE-1325", "name": "Improperly Controlled Sequential Memory Allocation" }, "notes": [ { "category": "other", "text": "Improperly Controlled Sequential Memory Allocation", "title": "CWE-1325" } ], "references": [ { "category": "self", "summary": "CVE-2023-52891", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52891.json" } ], "title": "CVE-2023-52891" }, { "cve": "CVE-2024-21754", "cwe": { "id": "CWE-916", "name": "Use of Password Hash With Insufficient Computational Effort" }, "notes": [ { "category": "other", "text": "Use of Password Hash With Insufficient Computational Effort", "title": "CWE-916" } ], "references": [ { "category": "self", "summary": "CVE-2024-21754", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21754.json" } ], "title": "CVE-2024-21754" }, { "cve": "CVE-2024-23111", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "notes": [ { "category": "other", "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "title": "CWE-79" } ], "references": [ { "category": "self", "summary": "CVE-2024-23111", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23111.json" } ], "title": "CVE-2024-23111" }, { "cve": "CVE-2024-26010", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Stack-based Buffer Overflow", "title": "CWE-121" } ], "references": [ { "category": "self", "summary": "CVE-2024-26010", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26010.json" } ], "title": "CVE-2024-26010" }, { "cve": "CVE-2024-30321", "cwe": { "id": "CWE-359", "name": "Exposure of Private Personal Information to an Unauthorized Actor" }, "notes": [ { "category": "other", "text": "Exposure of Private Personal Information to an Unauthorized Actor", "title": "CWE-359" } ], "references": [ { "category": "self", "summary": "CVE-2024-30321", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30321.json" } ], "title": "CVE-2024-30321" }, { "cve": "CVE-2024-32055", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" } ], "product_status": { "known_affected": [ "CSAFPID-1464909" ] }, "references": [ { "category": "self", "summary": "CVE-2024-32055", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32055.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-1464909" ] } ], "title": "CVE-2024-32055" }, { "cve": "CVE-2024-32056", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "other", "text": "Out-of-bounds Write", "title": "CWE-787" } ], "references": [ { "category": "self", "summary": "CVE-2024-32056", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32056.json" } ], "title": "CVE-2024-32056" }, { "cve": "CVE-2024-32057", "cwe": { "id": "CWE-843", "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)" }, "notes": [ { "category": "other", "text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)", "title": "CWE-843" } ], "product_status": { "known_affected": [ "CSAFPID-1464909" ] }, "references": [ { "category": "self", "summary": "CVE-2024-32057", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32057.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-1464909" ] } ], "title": "CVE-2024-32057" }, { "cve": "CVE-2024-32058", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "other", "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer", "title": "CWE-119" } ], "product_status": { "known_affected": [ "CSAFPID-1464909" ] }, "references": [ { "category": "self", "summary": "CVE-2024-32058", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32058.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-1464909" ] } ], "title": "CVE-2024-32058" }, { "cve": "CVE-2024-32059", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" } ], "product_status": { "known_affected": [ "CSAFPID-1464909" ] }, "references": [ { "category": "self", "summary": "CVE-2024-32059", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32059.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-1464909" ] } ], "title": "CVE-2024-32059" }, { "cve": "CVE-2024-32060", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" } ], "product_status": { "known_affected": [ "CSAFPID-1464909" ] }, "references": [ { "category": "self", "summary": "CVE-2024-32060", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32060.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-1464909" ] } ], "title": "CVE-2024-32060" }, { "cve": "CVE-2024-32061", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" } ], "product_status": { "known_affected": [ "CSAFPID-1464909" ] }, "references": [ { "category": "self", "summary": "CVE-2024-32061", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32061.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-1464909" ] } ], "title": "CVE-2024-32061" }, { "cve": "CVE-2024-32062", "cwe": { "id": "CWE-843", "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)" }, "notes": [ { "category": "other", "text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)", "title": "CWE-843" } ], "product_status": { "known_affected": [ "CSAFPID-1464909" ] }, "references": [ { "category": "self", "summary": "CVE-2024-32062", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32062.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-1464909" ] } ], "title": "CVE-2024-32062" }, { "cve": "CVE-2024-32063", "cwe": { "id": "CWE-843", "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)" }, "notes": [ { "category": "other", "text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)", "title": "CWE-843" } ], "product_status": { "known_affected": [ "CSAFPID-1464909" ] }, "references": [ { "category": "self", "summary": "CVE-2024-32063", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32063.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-1464909" ] } ], "title": "CVE-2024-32063" }, { "cve": "CVE-2024-32064", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" } ], "product_status": { "known_affected": [ "CSAFPID-1464909" ] }, "references": [ { "category": "self", "summary": "CVE-2024-32064", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32064.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-1464909" ] } ], "title": "CVE-2024-32064" }, { "cve": "CVE-2024-32065", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" } ], "product_status": { "known_affected": [ "CSAFPID-1464909" ] }, "references": [ { "category": "self", "summary": "CVE-2024-32065", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32065.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-1464909" ] } ], "title": "CVE-2024-32065" }, { "cve": "CVE-2024-32066", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" } ], "product_status": { "known_affected": [ "CSAFPID-1464909" ] }, "references": [ { "category": "self", "summary": "CVE-2024-32066", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32066.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-1464909" ] } ], "title": "CVE-2024-32066" }, { "cve": "CVE-2024-33577", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Stack-based Buffer Overflow", "title": "CWE-121" } ], "references": [ { "category": "self", "summary": "CVE-2024-33577", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33577.json" } ], "title": "CVE-2024-33577" }, { "cve": "CVE-2024-33653", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" } ], "references": [ { "category": "self", "summary": "CVE-2024-33653", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33653.json" } ], "title": "CVE-2024-33653" }, { "cve": "CVE-2024-33654", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "other", "text": "Out-of-bounds Read", "title": "CWE-125" } ], "references": [ { "category": "self", "summary": "CVE-2024-33654", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33654.json" } ], "title": "CVE-2024-33654" }, { "cve": "CVE-2024-37996", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "other", "text": "NULL Pointer Dereference", "title": "CWE-476" } ], "product_status": { "known_affected": [ "CSAFPID-1497083", "CSAFPID-1497084" ] }, "references": [ { "category": "self", "summary": "CVE-2024-37996", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37996.json" } ], "scores": [ { "cvss_v3": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "CSAFPID-1497083", "CSAFPID-1497084" ] } ], "title": "CVE-2024-37996" }, { "cve": "CVE-2024-37997", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Stack-based Buffer Overflow", "title": "CWE-121" } ], "product_status": { "known_affected": [ "CSAFPID-1497083", "CSAFPID-1497084" ] }, "references": [ { "category": "self", "summary": "CVE-2024-37997", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37997.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-1497083", "CSAFPID-1497084" ] } ], "title": "CVE-2024-37997" }, { "cve": "CVE-2024-38278", "cwe": { "id": "CWE-266", "name": "Incorrect Privilege Assignment" }, "notes": [ { "category": "other", "text": "Incorrect Privilege Assignment", "title": "CWE-266" } ], "references": [ { "category": "self", "summary": "CVE-2024-38278", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38278.json" } ], "title": "CVE-2024-38278" }, { "cve": "CVE-2024-38867", "cwe": { "id": "CWE-326", "name": "Inadequate Encryption Strength" }, "notes": [ { "category": "other", "text": "Inadequate Encryption Strength", "title": "CWE-326" } ], "references": [ { "category": "self", "summary": "CVE-2024-38867", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38867.json" } ], "title": "CVE-2024-38867" }, { "cve": "CVE-2024-39567", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "notes": [ { "category": "other", "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "title": "CWE-77" } ], "references": [ { "category": "self", "summary": "CVE-2024-39567", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39567.json" } ], "title": "CVE-2024-39567" }, { "cve": "CVE-2024-39568", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "notes": [ { "category": "other", "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "title": "CWE-77" } ], "references": [ { "category": "self", "summary": "CVE-2024-39568", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39568.json" } ], "title": "CVE-2024-39568" }, { "cve": "CVE-2024-39569", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "notes": [ { "category": "other", "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "title": "CWE-77" } ], "references": [ { "category": "self", "summary": "CVE-2024-39569", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39569.json" } ], "title": "CVE-2024-39569" }, { "cve": "CVE-2024-39570", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "notes": [ { "category": "other", "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "title": "CWE-77" } ], "references": [ { "category": "self", "summary": "CVE-2024-39570", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39570.json" } ], "title": "CVE-2024-39570" }, { "cve": "CVE-2024-39571", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)" }, "notes": [ { "category": "other", "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "title": "CWE-77" } ], "references": [ { "category": "self", "summary": "CVE-2024-39571", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39571.json" } ], "title": "CVE-2024-39571" }, { "cve": "CVE-2024-39675", "cwe": { "id": "CWE-497", "name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere" }, "notes": [ { "category": "other", "text": "Exposure of Sensitive System Information to an Unauthorized Control Sphere", "title": "CWE-497" } ], "references": [ { "category": "self", "summary": "CVE-2024-39675", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39675.json" } ], "title": "CVE-2024-39675" }, { "cve": "CVE-2024-39865", "cwe": { "id": "CWE-434", "name": "Unrestricted Upload of File with Dangerous Type" }, "notes": [ { "category": "other", "text": "Unrestricted Upload of File with Dangerous Type", "title": "CWE-434" } ], "references": [ { "category": "self", "summary": "CVE-2024-39865", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39865.json" } ], "title": "CVE-2024-39865" }, { "cve": "CVE-2024-39866", "cwe": { "id": "CWE-267", "name": "Privilege Defined With Unsafe Actions" }, "notes": [ { "category": "other", "text": "Privilege Defined With Unsafe Actions", "title": "CWE-267" } ], "references": [ { "category": "self", "summary": "CVE-2024-39866", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39866.json" } ], "title": "CVE-2024-39866" }, { "cve": "CVE-2024-39867", "cwe": { "id": "CWE-425", "name": "Direct Request (\u0027Forced Browsing\u0027)" }, "notes": [ { "category": "other", "text": "Direct Request (\u0027Forced Browsing\u0027)", "title": "CWE-425" } ], "references": [ { "category": "self", "summary": "CVE-2024-39867", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39867.json" } ], "title": "CVE-2024-39867" }, { "cve": "CVE-2024-39868", "cwe": { "id": "CWE-425", "name": "Direct Request (\u0027Forced Browsing\u0027)" }, "notes": [ { "category": "other", "text": "Direct Request (\u0027Forced Browsing\u0027)", "title": "CWE-425" } ], "references": [ { "category": "self", "summary": "CVE-2024-39868", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39868.json" } ], "title": "CVE-2024-39868" }, { "cve": "CVE-2024-39869", "cwe": { "id": "CWE-754", "name": "Improper Check for Unusual or Exceptional Conditions" }, "notes": [ { "category": "other", "text": "Improper Check for Unusual or Exceptional Conditions", "title": "CWE-754" } ], "references": [ { "category": "self", "summary": "CVE-2024-39869", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39869.json" } ], "title": "CVE-2024-39869" }, { "cve": "CVE-2024-39870", "cwe": { "id": "CWE-602", "name": "Client-Side Enforcement of Server-Side Security" }, "notes": [ { "category": "other", "text": "Client-Side Enforcement of Server-Side Security", "title": "CWE-602" } ], "references": [ { "category": "self", "summary": "CVE-2024-39870", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39870.json" } ], "title": "CVE-2024-39870" }, { "cve": "CVE-2024-39871", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "notes": [ { "category": "other", "text": "Incorrect Authorization", "title": "CWE-863" } ], "references": [ { "category": "self", "summary": "CVE-2024-39871", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39871.json" } ], "title": "CVE-2024-39871" }, { "cve": "CVE-2024-39872", "cwe": { "id": "CWE-378", "name": "Creation of Temporary File With Insecure Permissions" }, "notes": [ { "category": "other", "text": "Creation of Temporary File With Insecure Permissions", "title": "CWE-378" } ], "references": [ { "category": "self", "summary": "CVE-2024-39872", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39872.json" } ], "title": "CVE-2024-39872" }, { "cve": "CVE-2024-39873", "cwe": { "id": "CWE-307", "name": "Improper Restriction of Excessive Authentication Attempts" }, "notes": [ { "category": "other", "text": "Improper Restriction of Excessive Authentication Attempts", "title": "CWE-307" } ], "references": [ { "category": "self", "summary": "CVE-2024-39873", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39873.json" } ], "title": "CVE-2024-39873" }, { "cve": "CVE-2024-39874", "cwe": { "id": "CWE-307", "name": "Improper Restriction of Excessive Authentication Attempts" }, "notes": [ { "category": "other", "text": "Improper Restriction of Excessive Authentication Attempts", "title": "CWE-307" } ], "references": [ { "category": "self", "summary": "CVE-2024-39874", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39874.json" } ], "title": "CVE-2024-39874" }, { "cve": "CVE-2024-39875", "cwe": { "id": "CWE-732", "name": "Incorrect Permission Assignment for Critical Resource" }, "notes": [ { "category": "other", "text": "Incorrect Permission Assignment for Critical Resource", "title": "CWE-732" } ], "references": [ { "category": "self", "summary": "CVE-2024-39875", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39875.json" } ], "title": "CVE-2024-39875" }, { "cve": "CVE-2024-39876", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "notes": [ { "category": "other", "text": "Allocation of Resources Without Limits or Throttling", "title": "CWE-770" } ], "references": [ { "category": "self", "summary": "CVE-2024-39876", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39876.json" } ], "title": "CVE-2024-39876" }, { "cve": "CVE-2024-39888", "cwe": { "id": "CWE-547", "name": "Use of Hard-coded, Security-relevant Constants" }, "notes": [ { "category": "other", "text": "Use of Hard-coded, Security-relevant Constants", "title": "CWE-547" } ], "product_status": { "known_affected": [ "CSAFPID-1497113" ] }, "references": [ { "category": "self", "summary": "CVE-2024-39888", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39888.json" } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "CSAFPID-1497113" ] } ], "title": "CVE-2024-39888" }, { "cve": "CVE-2024-3596", "cwe": { "id": "CWE-924", "name": "Improper Enforcement of Message Integrity During Transmission in a Communication Channel" }, "notes": [ { "category": "other", "text": "Improper Enforcement of Message Integrity During Transmission in a Communication Channel", "title": "CWE-924" }, { "category": "other", "text": "Use of Weak Hash", "title": "CWE-328" } ], "references": [ { "category": "self", "summary": "CVE-2024-3596", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-3596.json" } ], "title": "CVE-2024-3596" } ] }
cve-2024-39874
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-08-02 04:33
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its Client Communication component. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | SINEMA Remote Connect Server |
Version: 0 < V3.2 SP1 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinema_remote_connect_server", "vendor": "siemens", "versions": [ { "lessThan": "V3.2 SP1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-39874", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T13:59:45.286367Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-10T21:22:07.058Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:33:11.148Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SINEMA Remote Connect Server", "vendor": "Siemens", "versions": [ { "lessThan": "V3.2 SP1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its Client Communication component. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-307", "description": "CWE-307: Improper Restriction of Excessive Authentication Attempts", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:05:31.563Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-39874", "datePublished": "2024-07-09T12:05:31.563Z", "dateReserved": "2024-07-01T13:05:40.288Z", "dateUpdated": "2024-08-02T04:33:11.148Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39865
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-08-02 04:33
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. As part of this backup, files can be restored without correctly checking the path of the restored file. This could allow an attacker with access to the backup encryption key to upload malicious files, that could potentially lead to remote code execution.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | SINEMA Remote Connect Server |
Version: 0 < V3.2 SP1 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinema_remote_connect_server", "vendor": "siemens", "versions": [ { "lessThan": "3.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-39865", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T13:28:45.741199Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-09T13:30:06.233Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:33:11.277Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SINEMA Remote Connect Server", "vendor": "Siemens", "versions": [ { "lessThan": "V3.2 SP1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V3.2 SP1). The affected application allows users to upload encrypted backup files. As part of this backup, files can be restored without correctly checking the path of the restored file. This could allow an attacker with access to the backup encryption key to upload malicious files, that could potentially lead to remote code execution." } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-434", "description": "CWE-434: Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:05:19.951Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-39865", "datePublished": "2024-07-09T12:05:19.951Z", "dateReserved": "2024-07-01T13:05:40.287Z", "dateUpdated": "2024-08-02T04:33:11.277Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-37997
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-10-08 08:40
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0003). The affected applications contain a stack based overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT Open |
Version: 0 < V11.5 |
||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:jt_open:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "jt_open", "vendor": "siemens", "versions": [ { "lessThan": "V11.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:plm_xml_sdk:v7.1.0.0014:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "plm_xml_sdk", "vendor": "siemens", "versions": [ { "status": "affected", "version": "V7.1.0.014" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-37997", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T13:19:33.793225Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-09T13:25:16.197Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:04:24.591Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-824889.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT Open", "vendor": "Siemens", "versions": [ { "lessThan": "V11.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "lessThan": "V2406.0003", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "PLM XML SDK", "vendor": "Siemens", "versions": [ { "lessThan": "V7.1.0.014", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.13", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.11", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2312", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0008", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2406", "vendor": "Siemens", "versions": [ { "lessThan": "V2406.0003", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT Open (All versions \u003c V11.5), JT2Go (All versions \u003c V2406.0003), PLM XML SDK (All versions \u003c V7.1.0.014), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.13), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.11), Teamcenter Visualization V2312 (All versions \u003c V2312.0008), Teamcenter Visualization V2406 (All versions \u003c V2406.0003). The affected applications contain a stack based overflow vulnerability while parsing specially crafted XML files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-08T08:40:15.076Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-824889.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-959281.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-37997", "datePublished": "2024-07-09T12:05:06.114Z", "dateReserved": "2024-06-11T08:32:52.184Z", "dateUpdated": "2024-10-08T08:40:15.076Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26010
Vulnerability from cvelistv5
Published
2024-06-11 14:32
Modified
2024-08-01 23:59
Severity ?
EPSS score ?
Summary
A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through 7.0.3, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specially crafted packets.
References
Impacted products
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiPAM |
Version: 1.2.0 Version: 1.1.0 ≤ 1.1.2 Version: 1.0.0 ≤ 1.0.3 |
||||||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortipam:1.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortipam", "vendor": "fortinet", "versions": [ { "status": "affected", "version": "1.2.0" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortipam:1.1.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortipam", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "1.1.2", "status": "affected", "version": "1.1.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortipam:1.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortipam", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "1.0.3", "status": "affected", "version": "1.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiswitchmanager:7.0.1:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiswitchmanager", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.0.3", "status": "affected", "version": "7.0.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiswitchmanager:7.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiswitchmanager", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.7", "status": "affected", "version": "7.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.0.14", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:6.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:6.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "6.2.16", "status": "affected", "version": "6.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:6.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "6.0.18", "status": "affected", "version": "6.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:7.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:7.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.9", "status": "affected", "version": "7.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:7.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.0.15", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:2.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "2.0.13", "status": "affected", "version": "2.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:1.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:1.1.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:1.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "1.0.7", "status": "affected", "version": "1.0.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-26010", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-12T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T03:55:22.095Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:31.322Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-036", "tags": [ "x_transferred" ], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-036" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiPAM", "vendor": "Fortinet", "versions": [ { "status": "affected", "version": "1.2.0" }, { "lessThanOrEqual": "1.1.2", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.3", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiSwitchManager", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.2.3", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.3", "status": "affected", "version": "7.0.1", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.7", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.14", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "semver" }, { "lessThanOrEqual": "6.2.16", "status": "affected", "version": "6.2.0", "versionType": "semver" }, { "lessThanOrEqual": "6.0.18", "status": "affected", "version": "6.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.9", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.15", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.13", "status": "affected", "version": "2.0.0", "versionType": "semver" }, { "lessThanOrEqual": "1.2.13", "status": "affected", "version": "1.2.0", "versionType": "semver" }, { "lessThanOrEqual": "1.1.6", "status": "affected", "version": "1.1.0", "versionType": "semver" }, { "lessThanOrEqual": "1.0.7", "status": "affected", "version": "1.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A stack-based buffer overflow in Fortinet FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiWeb, FortiAuthenticator, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.1 through 7.0.3, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.15, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specially crafted packets." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:W/RC:C", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-11T14:32:03.697Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-036", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-036" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiPAM version 1.3.0 or above \nPlease upgrade to FortiAuthenticator version 7.0.0 or above \nPlease upgrade to FortiWeb version 7.6.0 or above \nPlease upgrade to FortiWeb version 7.4.3 or above \nPlease upgrade to FortiVoice version 7.0.2 or above \nPlease upgrade to FortiVoice version 6.4.9 or above \nPlease upgrade to FortiSwitchManager version 7.2.4 or above \nPlease upgrade to FortiSwitchManager version 7.0.4 or above \nPlease upgrade to FortiOS version 7.4.4 or above \nPlease upgrade to FortiOS version 7.2.8 or above \nPlease upgrade to FortiOS version 7.0.15 or above \nPlease upgrade to FortiProxy version 7.4.4 or above \nPlease upgrade to FortiProxy version 7.2.10 or above \n" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-26010", "datePublished": "2024-06-11T14:32:03.697Z", "dateReserved": "2024-02-14T09:18:43.245Z", "dateUpdated": "2024-08-01T23:59:31.322Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39875
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-08-02 04:33
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows authenticated, low privilege users with the 'Manage own remote connections' permission to retrieve details about other users and group memberships.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | SINEMA Remote Connect Server |
Version: 0 < V3.2 SP1 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-39875", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T13:25:28.264219Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-09T13:25:41.772Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:33:11.146Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SINEMA Remote Connect Server", "vendor": "Siemens", "versions": [ { "lessThan": "V3.2 SP1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V3.2 SP1). The affected application allows authenticated, low privilege users with the \u0027Manage own remote connections\u0027 permission to retrieve details about other users and group memberships." } ], "metrics": [ { "cvssV3_1": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:05:32.868Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-39875", "datePublished": "2024-07-09T12:05:32.868Z", "dateReserved": "2024-07-01T13:05:40.289Z", "dateUpdated": "2024-08-02T04:33:11.146Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-33577
Vulnerability from cvelistv5
Published
2024-05-14 10:03
Modified
2024-08-02 02:36
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain a stack overflow vulnerability while parsing specially strings as argument for one of the application binaries. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | Simcenter Femap |
Version: 0 < V2406 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:simcenter_femap:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simcenter_femap", "vendor": "siemens", "versions": [ { "lessThan": "2406.90", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-33577", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-12T18:05:49.209348Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-17T20:50:30.719Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:36:04.043Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-258494.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Simcenter Femap", "vendor": "Siemens", "versions": [ { "lessThan": "V2406", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Simcenter Femap (All versions \u003c V2406). The affected applications contain a stack overflow vulnerability while parsing specially strings as argument for one of the application binaries. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:05:00.935Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-258494.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-33577", "datePublished": "2024-05-14T10:03:05.630Z", "dateReserved": "2024-04-24T12:12:48.306Z", "dateUpdated": "2024-08-02T02:36:04.043Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-33654
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-08-02 02:36
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | Simcenter Femap |
Version: 0 < V2406 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:simcenter_femap:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simcenter_femap", "vendor": "siemens", "versions": [ { "lessThan": "v2406", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-33654", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T14:10:16.748309Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-09T14:12:29.920Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:36:04.512Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Simcenter Femap", "vendor": "Siemens", "versions": [ { "lessThan": "V2406", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Simcenter Femap (All versions \u003c V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:05:03.457Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-33654", "datePublished": "2024-07-09T12:05:03.457Z", "dateReserved": "2024-04-25T09:55:59.242Z", "dateUpdated": "2024-08-02T02:36:04.512Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-32057
Vulnerability from cvelistv5
Published
2024-05-14 10:02
Modified
2024-08-02 02:06
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21562)
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | Simcenter Femap |
Version: 0 < V2406 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ps_iges_parasolid_translator_component", "vendor": "siemens", "versions": [ { "lessThan": "v27.1.215 ", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32057", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T13:38:57.675203Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T17:16:40.164Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:06:43.570Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Simcenter Femap", "vendor": "Siemens", "versions": [ { "lessThan": "V2406", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Simcenter Femap (All versions \u003c V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21562)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-843", "description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:04:48.041Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-32057", "datePublished": "2024-05-14T10:02:29.858Z", "dateReserved": "2024-04-10T10:05:05.704Z", "dateUpdated": "2024-08-02T02:06:43.570Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-38867
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-08-13 07:54
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
8.2 (High) - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
8.2 (High) - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.64), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.64), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.64), SIPROTEC 5 6MD89 (CP300) (All versions < V9.64), SIPROTEC 5 6MU85 (CP300) (All versions < V9.64), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.64), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.65), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.65), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.65), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.65), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.65), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ81 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ82 (CP100) (All versions < V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.65), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.65), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.65), SIPROTEC 5 7SK82 (CP100) (All versions < V8.89), SIPROTEC 5 7SK82 (CP150) (All versions < V9.65), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.65), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.65), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.65), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.65), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions < V9.64), SIPROTEC 5 7ST86 (CP300) (All versions < V9.64), SIPROTEC 5 7SX82 (CP150) (All versions < V9.65), SIPROTEC 5 7SX85 (CP300) (All versions < V9.65), SIPROTEC 5 7UM85 (CP300) (All versions < V9.64), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.65), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.65), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.65), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.65), SIPROTEC 5 7VE85 (CP300) (All versions < V9.64), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.65), SIPROTEC 5 7VU85 (CP300) (All versions < V9.64), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V9.62 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V9.62 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions < V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.62), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.64). The affected devices are supporting weak ciphers on several ports (443/tcp for web, 4443/tcp for DIGSI 5 and configurable port for syslog over TLS).
This could allow an unauthorized attacker in a man-in-the-middle position to decrypt any data passed over to and from those ports.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-38867", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T13:29:09.013832Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-10T16:29:07.032Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:19:20.533Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-750499.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIPROTEC 5 6MD84 (CP300)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.64", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 6MD85 (CP200)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 6MD85 (CP300)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.64", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 6MD86 (CP200)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 6MD86 (CP300)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.64", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 6MD89 (CP300)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.64", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 6MU85 (CP300)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.64", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7KE85 (CP200)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7KE85 (CP300)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.64", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SA82 (CP100)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SA82 (CP150)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.65", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SA84 (CP200)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SA86 (CP200)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SA86 (CP300)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.65", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SA87 (CP200)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SA87 (CP300)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.65", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SD82 (CP100)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SD82 (CP150)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.65", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SD84 (CP200)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SD86 (CP200)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SD86 (CP300)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.65", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SD87 (CP200)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SD87 (CP300)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.65", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SJ81 (CP100)", "vendor": "Siemens", "versions": [ { "lessThan": "V8.89", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SJ81 (CP150)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.65", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SJ82 (CP100)", "vendor": "Siemens", "versions": [ { "lessThan": "V8.89", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SJ82 (CP150)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.65", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SJ85 (CP200)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SJ85 (CP300)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.65", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SJ86 (CP200)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SJ86 (CP300)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.65", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SK82 (CP100)", "vendor": "Siemens", "versions": [ { "lessThan": "V8.89", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SK82 (CP150)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.65", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SK85 (CP200)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SK85 (CP300)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.65", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SL82 (CP100)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SL82 (CP150)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.65", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SL86 (CP200)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SL86 (CP300)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.65", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SL87 (CP200)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SL87 (CP300)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.65", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SS85 (CP200)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SS85 (CP300)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.64", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7ST85 (CP200)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7ST85 (CP300)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.64", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7ST86 (CP300)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.64", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SX82 (CP150)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.65", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7SX85 (CP300)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.65", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7UM85 (CP300)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.64", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7UT82 (CP100)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7UT82 (CP150)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.65", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7UT85 (CP200)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7UT85 (CP300)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.65", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7UT86 (CP200)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7UT86 (CP300)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.65", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7UT87 (CP200)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7UT87 (CP300)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.65", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7VE85 (CP300)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.64", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7VK87 (CP200)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7VK87 (CP300)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.65", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 7VU85 (CP300)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.64", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.62", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1)", "vendor": "Siemens", "versions": [ { "lessThan": "V8.89", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.62", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1)", "vendor": "Siemens", "versions": [ { "lessThan": "V8.89", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 Communication Module ETH-BD-2FO", "vendor": "Siemens", "versions": [ { "lessThan": "V9.62", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPROTEC 5 Compact 7SX800 (CP050)", "vendor": "Siemens", "versions": [ { "lessThan": "V9.64", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions \u003c V9.64), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions \u003c V9.64), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions \u003c V9.64), SIPROTEC 5 6MD89 (CP300) (All versions \u003c V9.64), SIPROTEC 5 6MU85 (CP300) (All versions \u003c V9.64), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions \u003c V9.64), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions \u003c V9.65), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions \u003c V9.65), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions \u003c V9.65), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions \u003c V9.65), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions \u003c V9.65), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions \u003c V9.65), SIPROTEC 5 7SJ81 (CP100) (All versions \u003c V8.89), SIPROTEC 5 7SJ81 (CP150) (All versions \u003c V9.65), SIPROTEC 5 7SJ82 (CP100) (All versions \u003c V8.89), SIPROTEC 5 7SJ82 (CP150) (All versions \u003c V9.65), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions \u003c V9.65), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions \u003c V9.65), SIPROTEC 5 7SK82 (CP100) (All versions \u003c V8.89), SIPROTEC 5 7SK82 (CP150) (All versions \u003c V9.65), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions \u003c V9.65), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions \u003c V9.65), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions \u003c V9.65), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions \u003c V9.65), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions \u003c V9.64), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions \u003c V9.64), SIPROTEC 5 7ST86 (CP300) (All versions \u003c V9.64), SIPROTEC 5 7SX82 (CP150) (All versions \u003c V9.65), SIPROTEC 5 7SX85 (CP300) (All versions \u003c V9.65), SIPROTEC 5 7UM85 (CP300) (All versions \u003c V9.64), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions \u003c V9.65), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions \u003c V9.65), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions \u003c V9.65), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions \u003c V9.65), SIPROTEC 5 7VE85 (CP300) (All versions \u003c V9.64), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions \u003c V9.65), SIPROTEC 5 7VU85 (CP300) (All versions \u003c V9.64), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions \u003c V9.62 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (Rev.1) (All versions \u003c V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions installed on CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions \u003c V9.62 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (Rev. 1) (All versions \u003c V8.89 installed on CP100 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions \u003c V9.62), SIPROTEC 5 Compact 7SX800 (CP050) (All versions \u003c V9.64). The affected devices are supporting weak ciphers on several ports (443/tcp for web, 4443/tcp for DIGSI 5 and configurable port for syslog over TLS). \r\nThis could allow an unauthorized attacker in a man-in-the-middle position to decrypt any data passed over to and from those ports." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-326", "description": "CWE-326: Inadequate Encryption Strength", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T07:54:10.991Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-750499.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-38867", "datePublished": "2024-07-09T12:05:10.052Z", "dateReserved": "2024-06-20T12:58:59.139Z", "dateUpdated": "2024-08-13T07:54:10.991Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39866
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-08-02 04:33
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files to create a user with administrative privileges.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | SINEMA Remote Connect Server |
Version: 0 < V3.2 SP1 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinema_remote_connect_server", "vendor": "siemens", "versions": [ { "lessThan": "V3.2 SP1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-39866", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T13:11:30.303840Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-09T13:15:26.630Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:33:10.303Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SINEMA Remote Connect Server", "vendor": "Siemens", "versions": [ { "lessThan": "V3.2 SP1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files to create a user with administrative privileges." } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-267", "description": "CWE-267: Privilege Defined With Unsafe Actions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:05:21.243Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-39866", "datePublished": "2024-07-09T12:05:21.243Z", "dateReserved": "2024-07-01T13:05:40.287Z", "dateUpdated": "2024-08-02T04:33:10.303Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-7066
Vulnerability from cvelistv5
Published
2024-08-12 21:46
Modified
2024-08-14 14:02
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
The affected applications contain an out of bounds read past the end of
an allocated structure while parsing specially crafted PDF files. This
could allow an attacker to execute code in the context of the current
process.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | JT2Go |
Version: 0 < V14.3.0.8 |
||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "jt2go", "vendor": "siemens", "versions": [ { "lessThan": "14.3.0.8", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "teamcenter_visualization", "vendor": "siemens", "versions": [ { "lessThan": "14.1.0.14", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "14.2.0.10", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "14.3.0.8", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "2312.0002", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-7066", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-14T13:56:38.749766Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-14T14:02:45.201Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.8", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "Teamcenter Visualization", "vendor": "Siemens", "versions": [ { "lessThan": "V14.1.0.14", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "V14.2.0.10", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "V14.3.0.8", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "V2312.0002", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "MoyunSec reported this vulnerability to Siemens." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The affected applications contain an out of bounds read past the end of \nan allocated structure while parsing specially crafted PDF files. This \ncould allow an attacker to execute code in the context of the current \nprocess." } ], "value": "The affected applications contain an out of bounds read past the end of \nan allocated structure while parsing specially crafted PDF files. This \ncould allow an attacker to execute code in the context of the current \nprocess." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 7.3, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-12T21:46:38.910Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-722010.html" }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-03" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003e\nSiemens has released new versions for the affected products and recommends to update to the latest versions.\n\n:\u003c/p\u003e\u003cul\u003e\u003cli\u003eTeamcenter Visualization V14.1: Update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\"\u003eV14.1.0.14 or later version\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTeamcenter Visualization V14.2: Update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\"\u003eV14.2.0.10 or later version\u003c/a\u003e\u003c/li\u003e\u003cli\u003eJT2Go: Update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://plm.sw.siemens.com/en-US/plmcomponents/jt/jt2go/\"\u003eV14.3.0.8 or later version\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTeamcenter Visualization V14.3: Update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\"\u003eV14.3.0.8 or later version\u003c/a\u003e\u003c/li\u003e\u003cli\u003eTeamcenter Visualization V2312: Update to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.sw.siemens.com/\"\u003eV2312.0002 or later version\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\nFor more information see the associated Siemens security advisory SSA-722010\n\n\n\n\u003cbr\u003e" } ], "value": "Siemens has released new versions for the affected products and recommends to update to the latest versions.\n\n:\n\n * Teamcenter Visualization V14.1: Update to V14.1.0.14 or later version https://support.sw.siemens.com/ \n * Teamcenter Visualization V14.2: Update to V14.2.0.10 or later version https://support.sw.siemens.com/ \n * JT2Go: Update to V14.3.0.8 or later version https://plm.sw.siemens.com/en-US/plmcomponents/jt/jt2go/ \n * Teamcenter Visualization V14.3: Update to V14.3.0.8 or later version https://support.sw.siemens.com/ \n * Teamcenter Visualization V2312: Update to V2312.0002 or later version https://support.sw.siemens.com/ \n\n\n\nFor more information see the associated Siemens security advisory SSA-722010" } ], "source": { "advisory": "ICSA-24-193-03", "discovery": "EXTERNAL" }, "title": "Siemens Teamcenter Visualization and JT2Go Out-of-bounds Read", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eTo reduce risk, Siemens \nrecommends users not open untrusted PDF files in affected applications.\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\n\u003c/ul\u003e\n\u003cp\u003eAs a general security measure, Siemens recommends protecting network \naccess to devices with appropriate mechanisms. To operate the devices in\n a protected IT environment, Siemens recommends configuring the \nenvironment according to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/cert/operational-guidelines-industrial-security\"\u003eSiemens\u0027 operational guidelines for industrial security\u003c/a\u003e and following recommendations in the product manuals.\u003c/p\u003e\n\u003cp\u003eAdditional information on industrial security by Siemens can be found on the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.siemens.com/industrialsecurity\"\u003eSiemens industrial security webpage\u003c/a\u003e\u003c/p\u003eFor more information see the associated Siemens security advisory SSA-722010\n\n\u003cbr\u003e" } ], "value": "To reduce risk, Siemens \nrecommends users not open untrusted PDF files in affected applications.\n\n\n\n\n\n\nAs a general security measure, Siemens recommends protecting network \naccess to devices with appropriate mechanisms. To operate the devices in\n a protected IT environment, Siemens recommends configuring the \nenvironment according to Siemens\u0027 operational guidelines for industrial security https://www.siemens.com/cert/operational-guidelines-industrial-security and following recommendations in the product manuals.\n\n\nAdditional information on industrial security by Siemens can be found on the Siemens industrial security webpage https://www.siemens.com/industrialsecurity \n\nFor more information see the associated Siemens security advisory SSA-722010" } ], "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2023-7066", "datePublished": "2024-08-12T21:46:38.910Z", "dateReserved": "2023-12-21T19:40:53.933Z", "dateUpdated": "2024-08-14T14:02:45.201Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-32056
Vulnerability from cvelistv5
Published
2024-07-09 12:04
Modified
2024-08-02 02:06
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS part file. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | Simcenter Femap |
Version: 0 < V2406 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:simcenter_femap:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simcenter_femap", "vendor": "siemens", "versions": [ { "lessThan": "v2406", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32056", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-23T13:54:13.288247Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-23T13:55:29.612Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:06:44.013Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Simcenter Femap", "vendor": "Siemens", "versions": [ { "lessThan": "V2406", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Simcenter Femap (All versions \u003c V2406). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS part file. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:04:46.565Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-32056", "datePublished": "2024-07-09T12:04:46.565Z", "dateReserved": "2024-04-10T10:05:05.704Z", "dateUpdated": "2024-08-02T02:06:44.013Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-21754
Vulnerability from cvelistv5
Published
2024-06-11 14:32
Modified
2024-08-01 22:27
Severity ?
EPSS score ?
Summary
A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged attacker with super-admin profile and CLI access to decrypting the backup file.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiProxy |
Version: 7.4.0 ≤ 7.4.2 Version: 7.2.0 ≤ 7.2.10 Version: 7.0.0 ≤ 7.0.17 Version: 2.0.0 ≤ 2.0.14 |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-21754", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-11T16:13:02.843870Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-11T16:13:16.539Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:27:36.270Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-423", "tags": [ "x_transferred" ], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-423" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.10", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.17", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "2.0.14", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.8", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.15", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a\u00a0privileged attacker with super-admin profile and CLI access to decrypting the backup file." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 1.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N/E:F/RL:X/RC:R", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-916", "description": "Improper access control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-11T14:32:01.335Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-423", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-423" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiProxy version 7.4.3 or above \nPlease upgrade to FortiOS version 7.4.4 or above \n" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-21754", "datePublished": "2024-06-11T14:32:01.335Z", "dateReserved": "2024-01-02T10:15:00.526Z", "dateUpdated": "2024-08-01T22:27:36.270Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-32062
Vulnerability from cvelistv5
Published
2024-05-14 10:02
Modified
2024-08-02 02:06
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21568)
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | Simcenter Femap |
Version: 0 < V2406 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ps_iges_parasolid_translator_component", "vendor": "siemens", "versions": [ { "lessThan": "v27.1.215 ", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32062", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T13:38:32.695972Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T17:19:00.061Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:06:43.601Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Simcenter Femap", "vendor": "Siemens", "versions": [ { "lessThan": "V2406", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Simcenter Femap (All versions \u003c V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21568)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-843", "description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:04:54.392Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-32062", "datePublished": "2024-05-14T10:02:36.102Z", "dateReserved": "2024-04-10T10:05:05.705Z", "dateUpdated": "2024-08-02T02:06:43.601Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-32735
Vulnerability from cvelistv5
Published
2024-07-09 12:04
Modified
2024-08-02 15:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC STEP 7 Safety V16 (All versions < V16 Update 7), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 7), SIMATIC STEP 7 Safety V18 (All versions < V18 Update 2), SIMATIC STEP 7 V16 (All versions < V16 Update 7), SIMATIC STEP 7 V17 (All versions < V17 Update 7), SIMATIC STEP 7 V18 (All versions < V18 Update 2), SIMATIC WinCC Unified V16 (All versions < V16 Update 7), SIMATIC WinCC Unified V17 (All versions < V17 Update 7), SIMATIC WinCC Unified V18 (All versions < V18 Update 2), SIMATIC WinCC V16 (All versions < V16.7), SIMATIC WinCC V17 (All versions < V17.7), SIMATIC WinCC V18 (All versions < V18 Update 2), SIMOCODE ES V16 (All versions < V16 Update 7), SIMOCODE ES V17 (All versions < V17 Update 7), SIMOCODE ES V18 (All versions < V18 Update 2), SIMOTION SCOUT TIA V5.4 SP1 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SIRIUS Safety ES V17 (All versions < V17 Update 7), SIRIUS Safety ES V18 (All versions < V18 Update 2), SIRIUS Soft Starter ES V17 (All versions < V17 Update 7), SIRIUS Soft Starter ES V18 (All versions < V18 Update 2), Soft Starter ES V16 (All versions < V16 Update 7), TIA Portal Cloud V3.0 (All versions < V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing hardware configuration profiles. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application.
This is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | SIMATIC STEP 7 Safety V16 |
Version: 0 < V16 Update 7 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:simatic_step_7_safety:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_step_7_safety", "vendor": "siemens", "versions": [ { "lessThan": "v16update7", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "v17update7", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "v18update2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_step_7", "vendor": "siemens", "versions": [ { "lessThan": "v16update7", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "v17update7", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "v18update2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:simatic_wincc_unified:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_wincc_unified", "vendor": "siemens", "versions": [ { "lessThan": "v16update7", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "v17update7", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "v18update2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_wincc", "vendor": "siemens", "versions": [ { "lessThan": "v17.7", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "v18update2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:simocode_es:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simocode_es", "vendor": "siemens", "versions": [ { "lessThan": "v16update7", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "v17update7", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "v18update2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:simotion_scout_tia:v5.4sp1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simotion_scout_tia", "vendor": "siemens", "versions": [ { "status": "affected", "version": "v5.4sp1" } ] }, { "cpes": [ "cpe:2.3:a:siemens:simotion_scout_tia:v5.4sp3:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simotion_scout_tia", "vendor": "siemens", "versions": [ { "status": "affected", "version": "v5.4sp3" } ] }, { "cpes": [ "cpe:2.3:a:siemens:simotion_scout_tia:v5.5sp1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simotion_scout_tia", "vendor": "siemens", "versions": [ { "status": "affected", "version": "v5.5sp1" } ] }, { "cpes": [ "cpe:2.3:a:siemens:sinamics_startdrive:v17:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinamics_startdrive", "vendor": "siemens", "versions": [ { "status": "affected", "version": "v17" } ] }, { "cpes": [ "cpe:2.3:a:siemens:sinamics_startdrive:v18:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinamics_startdrive", "vendor": "siemens", "versions": [ { "status": "affected", "version": "v18" } ] }, { "cpes": [ "cpe:2.3:a:siemens:sirius_safety_es:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sirius_safety_es", "vendor": "siemens", "versions": [ { "lessThan": "v17update7", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "v18update2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:sirius_soft_starter_es:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sirius_soft_starter_es", "vendor": "siemens", "versions": [ { "lessThan": "v17update7", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "v18update2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:soft_starter_es:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "soft_starter_es", "vendor": "siemens", "versions": [ { "lessThan": "v16update7", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:tia_portal_cloud_v3.0:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "tia_portal_cloud_v3.0", "vendor": "siemens", "versions": [ { "lessThan": "v18update2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-32735", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T19:09:33.343230Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-10T21:03:01.011Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T15:25:36.815Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-779936.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC STEP 7 Safety V16", "vendor": "Siemens", "versions": [ { "lessThan": "V16 Update 7", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC STEP 7 Safety V17", "vendor": "Siemens", "versions": [ { "lessThan": "V17 Update 7", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC STEP 7 Safety V18", "vendor": "Siemens", "versions": [ { "lessThan": "V18 Update 2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC STEP 7 V16", "vendor": "Siemens", "versions": [ { "lessThan": "V16 Update 7", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC STEP 7 V17", "vendor": "Siemens", "versions": [ { "lessThan": "V17 Update 7", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC STEP 7 V18", "vendor": "Siemens", "versions": [ { "lessThan": "V18 Update 2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC WinCC Unified V16", "vendor": "Siemens", "versions": [ { "lessThan": "V16 Update 7", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC WinCC Unified V17", "vendor": "Siemens", "versions": [ { "lessThan": "V17 Update 7", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC WinCC Unified V18", "vendor": "Siemens", "versions": [ { "lessThan": "V18 Update 2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC WinCC V16", "vendor": "Siemens", "versions": [ { "lessThan": "V16.7", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC WinCC V17", "vendor": "Siemens", "versions": [ { "lessThan": "V17.7", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC WinCC V18", "vendor": "Siemens", "versions": [ { "lessThan": "V18 Update 2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMOCODE ES V16", "vendor": "Siemens", "versions": [ { "lessThan": "V16 Update 7", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMOCODE ES V17", "vendor": "Siemens", "versions": [ { "lessThan": "V17 Update 7", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMOCODE ES V18", "vendor": "Siemens", "versions": [ { "lessThan": "V18 Update 2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMOTION SCOUT TIA V5.4 SP1", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMOTION SCOUT TIA V5.4 SP3", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMOTION SCOUT TIA V5.5 SP1", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS Startdrive V16", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS Startdrive V17", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS Startdrive V18", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIRIUS Safety ES V17", "vendor": "Siemens", "versions": [ { "lessThan": "V17 Update 7", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIRIUS Safety ES V18", "vendor": "Siemens", "versions": [ { "lessThan": "V18 Update 2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIRIUS Soft Starter ES V17", "vendor": "Siemens", "versions": [ { "lessThan": "V17 Update 7", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIRIUS Soft Starter ES V18", "vendor": "Siemens", "versions": [ { "lessThan": "V18 Update 2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Soft Starter ES V16", "vendor": "Siemens", "versions": [ { "lessThan": "V16 Update 7", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "TIA Portal Cloud V3.0", "vendor": "Siemens", "versions": [ { "lessThan": "V18 Update 2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC STEP 7 Safety V16 (All versions \u003c V16 Update 7), SIMATIC STEP 7 Safety V17 (All versions \u003c V17 Update 7), SIMATIC STEP 7 Safety V18 (All versions \u003c V18 Update 2), SIMATIC STEP 7 V16 (All versions \u003c V16 Update 7), SIMATIC STEP 7 V17 (All versions \u003c V17 Update 7), SIMATIC STEP 7 V18 (All versions \u003c V18 Update 2), SIMATIC WinCC Unified V16 (All versions \u003c V16 Update 7), SIMATIC WinCC Unified V17 (All versions \u003c V17 Update 7), SIMATIC WinCC Unified V18 (All versions \u003c V18 Update 2), SIMATIC WinCC V16 (All versions \u003c V16.7), SIMATIC WinCC V17 (All versions \u003c V17.7), SIMATIC WinCC V18 (All versions \u003c V18 Update 2), SIMOCODE ES V16 (All versions \u003c V16 Update 7), SIMOCODE ES V17 (All versions \u003c V17 Update 7), SIMOCODE ES V18 (All versions \u003c V18 Update 2), SIMOTION SCOUT TIA V5.4 SP1 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SIRIUS Safety ES V17 (All versions \u003c V17 Update 7), SIRIUS Safety ES V18 (All versions \u003c V18 Update 2), SIRIUS Soft Starter ES V17 (All versions \u003c V17 Update 7), SIRIUS Soft Starter ES V18 (All versions \u003c V18 Update 2), Soft Starter ES V16 (All versions \u003c V16 Update 7), TIA Portal Cloud V3.0 (All versions \u003c V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing hardware configuration profiles. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application.\r\n\r\nThis is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300." } ], "metrics": [ { "cvssV3_1": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "CWE-502: Deserialization of Untrusted Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:04:26.871Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-779936.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-32735", "datePublished": "2024-07-09T12:04:26.871Z", "dateReserved": "2023-05-12T13:16:47.721Z", "dateUpdated": "2024-08-02T15:25:36.815Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39569
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-08-02 04:26
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an administrative remote attacker running a corresponding SINEMA Remote Connect Server to execute arbitrary code with system privileges on the client system.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | SINEMA Remote Connect Client |
Version: 0 < V3.2 HF1 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinema_remote_connect_client", "vendor": "siemens", "versions": [ { "lessThan": "v3.2hf1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-39569", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T13:22:39.927612Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-09T13:24:19.968Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:26:15.951Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-868282.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SINEMA Remote Connect Client", "vendor": "Siemens", "versions": [ { "lessThan": "V3.2 HF1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions \u003c V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an administrative remote attacker running a corresponding SINEMA Remote Connect Server to execute arbitrary code with system privileges on the client system." } ], "metrics": [ { "cvssV3_1": { "baseScore": 6.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:05:14.075Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-868282.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-39569", "datePublished": "2024-07-09T12:05:14.075Z", "dateReserved": "2024-06-25T15:55:17.885Z", "dateUpdated": "2024-08-02T04:26:15.951Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-3596
Vulnerability from cvelistv5
Published
2024-07-09 12:02
Modified
2024-08-29 14:32
Severity ?
EPSS score ?
Summary
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
References
▼ | URL | Tags |
---|---|---|
https://datatracker.ietf.org/doc/html/rfc2865 | ||
https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ | ||
https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf | ||
https://www.blastradius.fail/ | ||
http://www.openwall.com/lists/oss-security/2024/07/09/4 | ||
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:ietf:rfc:2865:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "rfc", "vendor": "ietf", "versions": [ { "status": "affected", "version": "2865" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-3596", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-11T03:55:37.141738Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-24T20:18:28.202Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-29T14:32:14.851Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20240822-0001/" }, { "url": "https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol" }, { "tags": [ "x_transferred" ], "url": "https://datatracker.ietf.org/doc/html/rfc2865" }, { "tags": [ "x_transferred" ], "url": "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/" }, { "tags": [ "x_transferred" ], "url": "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf" }, { "tags": [ "x_transferred" ], "url": "https://www.blastradius.fail/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/07/09/4" }, { "tags": [ "x_transferred" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014" } ], "title": "CVE Program Container", "x_generator": { "engine": "ADPogram 0.0.1" } } ], "cna": { "affected": [ { "product": "RFC", "vendor": "IETF", "versions": [ { "status": "affected", "version": "2865" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Thanks to Sharon Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl who researched and reported this vulnerability" } ], "descriptions": [ { "lang": "en", "value": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-328: Use of Weak Hash", "lang": "en" } ] }, { "descriptions": [ { "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en" } ] }, { "descriptions": [ { "description": "CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T14:08:23.145Z", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "url": "https://datatracker.ietf.org/doc/html/rfc2865" }, { "url": "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/" }, { "url": "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf" }, { "url": "https://www.blastradius.fail/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/07/09/4" }, { "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014" } ], "source": { "discovery": "EXTERNAL" }, "title": "RADIUS Protocol under RFC2865 is vulnerable to forgery attacks.", "x_generator": { "engine": "VINCE 3.0.4", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2024-3596" } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2024-3596", "datePublished": "2024-07-09T12:02:53.001Z", "dateReserved": "2024-04-10T15:09:45.391Z", "dateUpdated": "2024-08-29T14:32:14.851Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39867
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-08-02 04:33
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit device configuration information of devices for which they have no privileges.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | SINEMA Remote Connect Server |
Version: 0 < V3.2 SP1 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-39867", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-15T21:31:02.143042Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-15T21:31:16.205Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:33:10.791Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SINEMA Remote Connect Server", "vendor": "Siemens", "versions": [ { "lessThan": "V3.2 SP1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit device configuration information of devices for which they have no privileges." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-425", "description": "CWE-425: Direct Request (\u0027Forced Browsing\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:05:22.532Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-39867", "datePublished": "2024-07-09T12:05:22.532Z", "dateReserved": "2024-07-01T13:05:40.287Z", "dateUpdated": "2024-08-02T04:33:10.791Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39888
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-08-02 04:33
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Mendix Encryption (All versions >= V10.0.0 < V10.0.2). Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant, which is used in projects where no individual EncryptionKey was specified.
This could allow to an attacker to decrypt any encrypted project data, as the default encryption key can be considered compromised.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | Mendix Encryption |
Version: V10.0.0 < V10.0.2 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:mendix_encryption:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mendix_encryption", "vendor": "siemens", "versions": [ { "lessThan": "V10.0.2", "status": "affected", "version": "V10.0.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-39888", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T13:06:11.608012Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-09T13:09:37.087Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:33:11.555Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-998949.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Mendix Encryption", "vendor": "Siemens", "versions": [ { "lessThan": "V10.0.2", "status": "affected", "version": "V10.0.0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Mendix Encryption (All versions \u003e= V10.0.0 \u003c V10.0.2). Affected versions of the module define a specific hard-coded default value for the EncryptionKey constant, which is used in projects where no individual EncryptionKey was specified.\r\n\r\nThis could allow to an attacker to decrypt any encrypted project data, as the default encryption key can be considered compromised." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-547", "description": "CWE-547: Use of Hard-coded, Security-relevant Constants", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:05:35.455Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-998949.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-39888", "datePublished": "2024-07-09T12:05:35.455Z", "dateReserved": "2024-07-02T14:00:15.330Z", "dateUpdated": "2024-08-02T04:33:11.555Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-32066
Vulnerability from cvelistv5
Published
2024-05-14 10:02
Modified
2024-08-02 02:06
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21578)
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | Simcenter Femap |
Version: 0 < V2406 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ps_iges_parasolid_translator_component", "vendor": "siemens", "versions": [ { "lessThan": "v27.1.215 ", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32066", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T13:37:58.631146Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T17:20:02.180Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:06:43.286Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Simcenter Femap", "vendor": "Siemens", "versions": [ { "lessThan": "V2406", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Simcenter Femap (All versions \u003c V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21578)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:04:59.633Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-32066", "datePublished": "2024-05-14T10:02:41.043Z", "dateReserved": "2024-04-10T10:05:05.705Z", "dateUpdated": "2024-08-02T02:06:43.286Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39873
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-08-02 04:33
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its web API. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | SINEMA Remote Connect Server |
Version: 0 < V3.2 SP1 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:sinema_remote_connect_server:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinema_remote_connect_server", "vendor": "siemens", "versions": [ { "lessThan": "3.2_sp1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-39873", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T13:18:38.543900Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-10T16:28:58.129Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:33:10.241Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SINEMA Remote Connect Server", "vendor": "Siemens", "versions": [ { "lessThan": "V3.2 SP1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its web API. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-307", "description": "CWE-307: Improper Restriction of Excessive Authentication Attempts", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:05:30.268Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-39873", "datePublished": "2024-07-09T12:05:30.268Z", "dateReserved": "2024-07-01T13:05:40.288Z", "dateUpdated": "2024-08-02T04:33:10.241Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-30321
Vulnerability from cvelistv5
Published
2024-07-09 12:04
Modified
2024-11-12 12:49
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
8.2 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
8.2 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information.
This could allow an unauthenticated remote attacker to retrieve information such as users and passwords.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | SIMATIC PCS 7 V9.1 |
Version: 0 < V9.1 SP2 UC05 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T01:32:07.025Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-883918.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_pcs_7", "vendor": "siemens", "versions": [ { "lessThan": "10", "status": "affected", "version": "9.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_wincc", "vendor": "siemens", "versions": [ { "lessThan": "7.4_sp1_update_23", "status": "affected", "version": "7.4", "versionType": "custom" }, { "lessThan": "7.5_sp2_update_17", "status": "affected", "version": "7.5", "versionType": "custom" }, { "lessThan": "8.0_update_5", "status": "affected", "version": "8.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:simatic_wincc_runtime_professional:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_wincc_runtime_professional", "vendor": "siemens", "versions": [ { "lessThan": "19", "status": "affected", "version": "18", "versionType": "custom" }, { "lessThan": "19_update_2", "status": "affected", "version": "19", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-30321", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-19T16:20:35.487955Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-19T16:49:59.084Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC PCS 7 V9.1", "vendor": "Siemens", "versions": [ { "lessThan": "V9.1 SP2 UC05", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC WinCC Runtime Professional V18", "vendor": "Siemens", "versions": [ { "lessThan": "V18 Update 5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC WinCC Runtime Professional V19", "vendor": "Siemens", "versions": [ { "lessThan": "V19 Update 2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC WinCC V7.4", "vendor": "Siemens", "versions": [ { "lessThan": "V7.4 SP1 Update 23", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC WinCC V7.5", "vendor": "Siemens", "versions": [ { "lessThan": "V7.5 SP2 Update 17", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC WinCC V8.0", "vendor": "Siemens", "versions": [ { "lessThan": "V8.0 Update 5", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions \u003c V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions \u003c V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions \u003c V19 Update 2), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions \u003c V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions \u003c V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information.\r\nThis could allow an unauthenticated remote attacker to retrieve information such as users and passwords." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 8.2, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-359", "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-12T12:49:28.352Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-883918.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-30321", "datePublished": "2024-07-09T12:04:43.997Z", "dateReserved": "2024-03-26T16:42:16.797Z", "dateUpdated": "2024-11-12T12:49:28.352Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-46720
Vulnerability from cvelistv5
Published
2024-06-11 14:32
Modified
2024-08-02 20:53
Severity ?
EPSS score ?
Summary
A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 through 6.2.16 and 6.0.13 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted CLI commands.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.2.7", "status": "affected", "version": "7.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:7.0.0:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "7.0.12", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:6.4.6:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.6", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:6.2.9:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "6.2.16", "status": "affected", "version": "6.2.9", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:6.0.13:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThanOrEqual": "6.0.18", "status": "affected", "version": "6.0.13", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-46720", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-14T03:55:22.962Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T20:53:20.902Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-356", "tags": [ "x_transferred" ], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-356" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.7", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.12", "status": "affected", "version": "7.0.0", "versionType": "semver" }, { "lessThanOrEqual": "6.4.15", "status": "affected", "version": "6.4.6", "versionType": "semver" }, { "lessThanOrEqual": "6.2.16", "status": "affected", "version": "6.2.9", "versionType": "semver" }, { "lessThanOrEqual": "6.0.18", "status": "affected", "version": "6.0.13", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.12 and 6.4.6 through 6.4.15 and 6.2.9 through 6.2.16 and 6.0.13 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted CLI commands." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:X", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-11T14:32:00.582Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-356", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-356" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.4.4 or above \nPlease upgrade to FortiOS version 7.2.8 or above \n" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2023-46720", "datePublished": "2024-06-11T14:32:00.582Z", "dateReserved": "2023-10-25T08:43:15.290Z", "dateUpdated": "2024-08-02T20:53:20.902Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39675
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-08-02 04:26
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM RMC30 (All versions < V4.3.10), RUGGEDCOM RMC30NC (All versions < V4.3.10), RUGGEDCOM RP110 (All versions < V4.3.10), RUGGEDCOM RP110NC (All versions < V4.3.10), RUGGEDCOM RS400 (All versions < V4.3.10), RUGGEDCOM RS400NC (All versions < V4.3.10), RUGGEDCOM RS401 (All versions < V4.3.10), RUGGEDCOM RS401NC (All versions < V4.3.10), RUGGEDCOM RS416 (All versions < V4.3.10), RUGGEDCOM RS416NC (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416P (All versions < V4.3.10), RUGGEDCOM RS416PNC (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V4.X (All versions < V4.3.10), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS910 (All versions < V4.3.10), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910LNC (All versions), RUGGEDCOM RS910NC (All versions < V4.3.10), RUGGEDCOM RS910W (All versions < V4.3.10), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920LNC (All versions), RUGGEDCOM RS920W (All versions). In some configurations the affected products wrongly enable the Modbus service in non-managed VLANS. Only serial devices are affected by this vulnerability.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | RUGGEDCOM RMC30 |
Version: 0 < V4.3.10 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rmc30:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rmc30", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rmc30nc:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rmc30nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rp110:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rp110", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rp110nc:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rp110nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs400:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs400", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs400nc:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs400nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs401:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs401", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs401nc:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs401nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs416:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs416", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs416nc:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs416nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs416ncv2:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs416ncv2", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs416ncv2:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs416ncv2", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs416p:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs416p", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs416pnc:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs416pnc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs416pncv2:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs416pncv2", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs416pncv2:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs416pncv2", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs416pv2:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs416pv2", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs416pv2:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs416pv2", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs416v2:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs416v2", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs416v2:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs416v2", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs910:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs910", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs910l:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs910l", "vendor": "siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs920l:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs920l", "vendor": "siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs910lnc:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs910lnc", "vendor": "siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs910nc:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs910nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs920lnc:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs920lnc", "vendor": "siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs910w:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs910w", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs920w:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs920w", "vendor": "siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-39675", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T13:14:06.893152Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-11T17:59:32.631Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:26:16.017Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-170375.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM RMC30", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RMC30NC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RP110", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RP110NC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS400", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS400NC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS401", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS401NC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416NC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416NCv2 V4.X", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416NCv2 V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416P", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416PNC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416PNCv2 V4.X", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416PNCv2 V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416Pv2 V4.X", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416Pv2 V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416v2 V4.X", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416v2 V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS910", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS910L", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS910LNC", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS910NC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS910W", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS920L", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS920LNC", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS920W", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM RMC30 (All versions \u003c V4.3.10), RUGGEDCOM RMC30NC (All versions \u003c V4.3.10), RUGGEDCOM RP110 (All versions \u003c V4.3.10), RUGGEDCOM RP110NC (All versions \u003c V4.3.10), RUGGEDCOM RS400 (All versions \u003c V4.3.10), RUGGEDCOM RS400NC (All versions \u003c V4.3.10), RUGGEDCOM RS401 (All versions \u003c V4.3.10), RUGGEDCOM RS401NC (All versions \u003c V4.3.10), RUGGEDCOM RS416 (All versions \u003c V4.3.10), RUGGEDCOM RS416NC (All versions \u003c V4.3.10), RUGGEDCOM RS416NCv2 V4.X (All versions \u003c V4.3.10), RUGGEDCOM RS416NCv2 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS416P (All versions \u003c V4.3.10), RUGGEDCOM RS416PNC (All versions \u003c V4.3.10), RUGGEDCOM RS416PNCv2 V4.X (All versions \u003c V4.3.10), RUGGEDCOM RS416PNCv2 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS416Pv2 V4.X (All versions \u003c V4.3.10), RUGGEDCOM RS416Pv2 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS416v2 V4.X (All versions \u003c V4.3.10), RUGGEDCOM RS416v2 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS910 (All versions \u003c V4.3.10), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910LNC (All versions), RUGGEDCOM RS910NC (All versions \u003c V4.3.10), RUGGEDCOM RS910W (All versions \u003c V4.3.10), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920LNC (All versions), RUGGEDCOM RS920W (All versions). In some configurations the affected products wrongly enable the Modbus service in non-managed VLANS. Only serial devices are affected by this vulnerability." } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-497", "description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:05:18.310Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-170375.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-39675", "datePublished": "2024-07-09T12:05:18.310Z", "dateReserved": "2024-06-27T11:41:41.875Z", "dateUpdated": "2024-08-02T04:26:16.017Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27321
Vulnerability from cvelistv5
Published
2024-05-07 22:55
Modified
2024-08-02 12:09
Severity ?
EPSS score ?
Summary
OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20505.
References
▼ | URL | Tags |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-23-548/ | x_research-advisory | |
https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-27321.pdf | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | OPC Foundation | UA .NET Standard |
Version: 1.4.371.60 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:opcfoundation:unified_architecture_.net-standard:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "unified_architecture_.net-standard", "vendor": "opcfoundation", "versions": [ { "status": "affected", "version": "1.4.371.60" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-27321", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-08T15:27:13.124910Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:24:44.157Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T12:09:43.438Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ZDI-23-548", "tags": [ "x_research-advisory", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-548/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-27321.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "UA .NET Standard", "vendor": "OPC Foundation", "versions": [ { "status": "affected", "version": "1.4.371.60" } ] } ], "dateAssigned": "2023-02-28T12:05:53.841-06:00", "datePublic": "2023-05-04T17:17:13.102-05:00", "descriptions": [ { "lang": "en", "value": "OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of OPC Foundation UA .NET Standard. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of OPC UA ConditionRefresh requests. By sending a large number of requests, an attacker can consume all available resources on the server. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-20505." } ], "metrics": [ { "cvssV3_0": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption (\u0027Resource Exhaustion\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-07T22:55:01.898Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "name": "ZDI-23-548", "tags": [ "x_research-advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-548/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory" ], "url": "https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2023-27321.pdf" } ], "source": { "lang": "en", "value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov" }, "title": "OPC Foundation UA .NET Standard ConditionRefresh Resource Exhaustion Denial-of-Service Vulnerability" } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2023-27321", "datePublished": "2024-05-07T22:55:01.898Z", "dateReserved": "2023-02-28T17:58:45.477Z", "dateUpdated": "2024-08-02T12:09:43.438Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39868
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-08-02 04:33
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit VxLAN configuration information of networks for which they have no privileges.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | SINEMA Remote Connect Server |
Version: 0 < V3.2 SP1 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinema_remote_connect_server", "vendor": "siemens", "versions": [ { "lessThan": "V3.2 SP1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-39868", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-10T19:43:18.767680Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-10T19:50:42.756Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:33:10.311Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SINEMA Remote Connect Server", "vendor": "Siemens", "versions": [ { "lessThan": "V3.2 SP1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit VxLAN configuration information of networks for which they have no privileges." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-425", "description": "CWE-425: Direct Request (\u0027Forced Browsing\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:05:23.810Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-39868", "datePublished": "2024-07-09T12:05:23.810Z", "dateReserved": "2024-07-01T13:05:40.287Z", "dateUpdated": "2024-08-02T04:33:10.311Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-32060
Vulnerability from cvelistv5
Published
2024-05-14 10:02
Modified
2024-08-02 02:06
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21565)
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | Simcenter Femap |
Version: 0 < V2406 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ps_iges_parasolid_translator_component", "vendor": "siemens", "versions": [ { "lessThan": "v27.1.215 ", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32060", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T13:33:36.335549Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T17:18:28.371Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:06:43.398Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Simcenter Femap", "vendor": "Siemens", "versions": [ { "lessThan": "V2406", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Simcenter Femap (All versions \u003c V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21565)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:04:51.859Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-32060", "datePublished": "2024-05-14T10:02:33.562Z", "dateReserved": "2024-04-10T10:05:05.704Z", "dateUpdated": "2024-08-02T02:06:43.398Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-52237
Vulnerability from cvelistv5
Published
2024-07-09 12:04
Modified
2024-08-28 17:27
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The web server of the affected devices allow a low privileged user to access hashes and password salts of all system's users, including admin users. An attacker could use the obtained information to brute force the passwords offline.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | RUGGEDCOM i800 |
Version: 0 < V4.3.10 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:55:40.975Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-170375.html" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_i800:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_i800", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_i800nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_i800nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_i801:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_i801", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_i801nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_i801nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_i802:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_i802", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_i802nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_i802nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_i803:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_i803", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_i803nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_i803nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_m2100:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_m2100", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_m2100nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_m2100nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_m2200:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_m2200", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_m2200nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_m2200nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_m969:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_m969", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_m969nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_m969nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rmc30:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rmc30", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rmc30nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rmc30nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_i800:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_i800", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_i800nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_i800nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_i801:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_i801", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_i801nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_i801nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_i802:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_i802", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_i802nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_i802nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_i803:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_i803", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_i803nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_i803nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_m2100:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_m2100", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_m2100nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_m2100nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_m2200:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_m2200", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_m2200nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_m2200nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_m969:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_m969", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_m969nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_m969nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rmc30:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rmc30", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rmc30nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rmc30nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_i800:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_i800", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_i800nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_i800nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_i801:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_i801", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_i801nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_i801nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_i802:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_i802", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_i802nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_i802nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_i803:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_i803", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_i803nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_i803nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_m2100:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_m2100", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_m2100nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_m2100nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_m2200:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_m2200", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_m2200nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_m2200nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_m969:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_m969", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_m969nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_m969nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rmc30:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rmc30", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rmc30nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rmc30nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rp110:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rp110", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rp110nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rp110nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs1600:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs1600", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs1600f:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs1600f", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs1600fnc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs1600fnc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs1600nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs1600nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs1600t:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs1600t", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs1600tnc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs1600tnc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs400:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs400", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs400nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs400nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs401:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs401", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs401nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs401nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs416:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs416", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs416nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs416nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs416p:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs416p", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs416pnc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs416pnc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs8000:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs8000", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs8000a:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs8000a", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs8000anc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs8000anc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs8000h:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs8000h", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs8000hnc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs8000hnc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs8000nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs8000nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs8000t:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs8000t", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs8000tnc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs8000tnc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs900:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs900", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs900g:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs900g", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs900gnc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs900gnc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs900gp:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs900gp", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs900gpnc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs900gpnc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs900l:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs900l", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs900lnc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs900lnc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs900nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs900nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs900w:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs900w", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs910:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs910", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs910l:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs910l", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs910lnc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs910lnc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs910nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs910nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs910w:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs910w", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs920l:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs920l", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs920lnc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs920lnc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs920w:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs920w", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs930l:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs930l", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs930lnc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs930lnc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs930w:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs930w", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs940g:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs940g", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs940gnc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs940gnc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs969:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs969", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rs969nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rs969nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rsg2100:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rsg2100", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rsg2100nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rsg2100nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rsg2100p:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rsg2100p", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rsg2100pnc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rsg2100pnc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rsg2200:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rsg2200", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rsg2200nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rsg2200nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rsg907r:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rsg907r", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rsg908c:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rsg908c", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rsg909r:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rsg909r", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rsg910c:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rsg910c", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rsl910:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rsl910", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rsl910nc:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rsl910nc", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rst2228:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rst2228", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rst2228p:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rst2228p", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rst916c:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rst916c", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:ruggedcom_rst916p:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_rst916p", "vendor": "siemens", "versions": [ { "lessThan": "4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-52237", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T13:18:46.812929Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-28T17:27:09.634Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM i800", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM i800NC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM i801", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM i801NC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM i802", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM i802NC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM i803", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM i803NC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM M2100", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM M2100NC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM M2200", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM M2200NC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM M969", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM M969NC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RMC30", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RMC30NC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RMC8388 V4.X", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RMC8388 V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RMC8388NC V4.X", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RMC8388NC V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RP110", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RP110NC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS1600", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS1600F", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS1600FNC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS1600NC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS1600T", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS1600TNC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS400", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS400NC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS401", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS401NC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416NC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416NCv2 V4.X", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416NCv2 V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416P", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416PNC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416PNCv2 V4.X", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416PNCv2 V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416Pv2 V4.X", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416Pv2 V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416v2 V4.X", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416v2 V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS8000", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS8000A", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS8000ANC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS8000H", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS8000HNC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS8000NC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS8000T", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS8000TNC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900 (32M) V4.X", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900 (32M) V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900G", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900G (32M) V4.X", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900G (32M) V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900GNC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900GNC(32M) V4.X", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900GNC(32M) V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900GP", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900GPNC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900L", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900LNC", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900M-GETS-C01", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900M-GETS-XX", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900M-STND-C01", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900M-STND-XX", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900MNC-GETS-C01", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900MNC-GETS-XX", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900MNC-STND-XX", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900MNC-STND-XX-C01", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900NC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900NC(32M) V4.X", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900NC(32M) V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900W", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS910", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS910L", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS910LNC", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS910NC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS910W", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS920L", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS920LNC", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS920W", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS930L", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS930LNC", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS930W", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS940G", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS940GNC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS969", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS969NC", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2100", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2100 (32M) V4.X", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2100 (32M) V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2100NC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2100NC(32M) V4.X", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2100NC(32M) V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2100P", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2100PNC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2200", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2200NC", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2288 V4.X", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2288 V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2288NC V4.X", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2288NC V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2300 V4.X", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2300 V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2300NC V4.X", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2300NC V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2300P V4.X", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2300P V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2300PNC V4.X", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2300PNC V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2488 V4.X", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2488 V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2488NC V4.X", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2488NC V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG907R", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG908C", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG909R", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG910C", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG920P V4.X", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG920P V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG920PNC V4.X", "vendor": "Siemens", "versions": [ { "lessThan": "V4.3.10", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG920PNC V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSL910", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSL910NC", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RST2228", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RST2228P", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RST916C", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RST916P", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The web server of the affected devices allow a low privileged user to access hashes and password salts of all system\u0027s users, including admin users. An attacker could use the obtained information to brute force the passwords offline." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:04:39.159Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-170375.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-52237", "datePublished": "2024-07-09T12:04:39.159Z", "dateReserved": "2023-12-29T16:54:27.071Z", "dateUpdated": "2024-08-28T17:27:09.634Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-32064
Vulnerability from cvelistv5
Published
2024-05-14 10:02
Modified
2024-08-02 02:06
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21575)
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | Simcenter Femap |
Version: 0 < V2406 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ps_iges_parasolid_translator_component", "vendor": "siemens", "versions": [ { "lessThan": "v27.1.215 ", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32064", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T13:38:15.643856Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T17:19:28.002Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:06:43.386Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Simcenter Femap", "vendor": "Siemens", "versions": [ { "lessThan": "V2406", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Simcenter Femap (All versions \u003c V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21575)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:04:56.921Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-32064", "datePublished": "2024-05-14T10:02:38.564Z", "dateReserved": "2024-04-10T10:05:05.705Z", "dateUpdated": "2024-08-02T02:06:43.386Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-38278
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-08-02 04:04
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.9.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.9.0), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900GNC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900NC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100NC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2288 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2288NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300P V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300PNC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2488 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2488NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG907R (All versions < V5.9.0), RUGGEDCOM RSG908C (All versions < V5.9.0), RUGGEDCOM RSG909R (All versions < V5.9.0), RUGGEDCOM RSG910C (All versions < V5.9.0), RUGGEDCOM RSG920P V5.X (All versions < V5.9.0), RUGGEDCOM RSG920PNC V5.X (All versions < V5.9.0), RUGGEDCOM RSL910 (All versions < V5.9.0), RUGGEDCOM RSL910NC (All versions < V5.9.0), RUGGEDCOM RST2228 (All versions < V5.9.0), RUGGEDCOM RST2228P (All versions < V5.9.0), RUGGEDCOM RST916C (All versions < V5.9.0), RUGGEDCOM RST916P (All versions < V5.9.0). The affected products with IP forwarding enabled wrongly make available certain remote services in non-managed VLANs, even if these services are not intentionally activated. An attacker could leverage this vulnerability to create a remote shell to the affected system.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | RUGGEDCOM RMC8388 V5.X |
Version: 0 < V5.9.0 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rmc8388:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rmc8388", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rmc8388nc:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rmc8388nc", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs416ncv2:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs416ncv2", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs416pncv2:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs416pncv2", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs416pv2:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs416pv2", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs416v2:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs416v2", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs900:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs900", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs900g:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs900g", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs900gnc:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs900gnc", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rs900nc:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rs900nc", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rsg2100:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rsg2100", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rsg2100nc:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rsg2100nc", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rsg2288:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rsg2288", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rsg2288nc:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rsg2288nc", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rsg2300:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rsg2300", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rsg2300nc:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rsg2300nc", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rsg2300p:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rsg2300p", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rsg2300pnc:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rsg2300pnc", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rsg2488:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rsg2488", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rsg2488nc:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rsg2488nc", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rsg907r:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rsg907r", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rsg908c:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rsg908c", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rsg909r:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rsg909r", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rsg910c:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rsg910c", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rsg920p:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rsg920p", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rsg920pnc:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rsg920pnc", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rsl910:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rsl910", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rsl910nc:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rsl910nc", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rst2228:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rst2228", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rst2228p:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rst2228p", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rst916c:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rst916c", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:siemens:ruggedcom_ros_rst916p:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ruggedcom_ros_rst916p", "vendor": "siemens", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-38278", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-24T17:16:47.980613Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-24T17:45:46.872Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:04:25.242Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-170375.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM RMC8388 V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RMC8388NC V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416NCv2 V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416PNCv2 V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416Pv2 V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS416v2 V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900 (32M) V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900G (32M) V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900GNC(32M) V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RS900NC(32M) V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2100 (32M) V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2100NC(32M) V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2288 V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2288NC V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2300 V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2300NC V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2300P V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2300PNC V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2488 V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG2488NC V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG907R", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG908C", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG909R", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG910C", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG920P V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSG920PNC V5.X", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSL910", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RSL910NC", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RST2228", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RST2228P", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RST916C", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RST916P", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RMC8388NC V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS416NCv2 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS416PNCv2 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS416Pv2 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS416v2 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS900 (32M) V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS900G (32M) V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS900GNC(32M) V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS900NC(32M) V5.X (All versions \u003c V5.9.0), RUGGEDCOM RSG2100 (32M) V5.X (All versions \u003c V5.9.0), RUGGEDCOM RSG2100NC(32M) V5.X (All versions \u003c V5.9.0), RUGGEDCOM RSG2288 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RSG2288NC V5.X (All versions \u003c V5.9.0), RUGGEDCOM RSG2300 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RSG2300NC V5.X (All versions \u003c V5.9.0), RUGGEDCOM RSG2300P V5.X (All versions \u003c V5.9.0), RUGGEDCOM RSG2300PNC V5.X (All versions \u003c V5.9.0), RUGGEDCOM RSG2488 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RSG2488NC V5.X (All versions \u003c V5.9.0), RUGGEDCOM RSG907R (All versions \u003c V5.9.0), RUGGEDCOM RSG908C (All versions \u003c V5.9.0), RUGGEDCOM RSG909R (All versions \u003c V5.9.0), RUGGEDCOM RSG910C (All versions \u003c V5.9.0), RUGGEDCOM RSG920P V5.X (All versions \u003c V5.9.0), RUGGEDCOM RSG920PNC V5.X (All versions \u003c V5.9.0), RUGGEDCOM RSL910 (All versions \u003c V5.9.0), RUGGEDCOM RSL910NC (All versions \u003c V5.9.0), RUGGEDCOM RST2228 (All versions \u003c V5.9.0), RUGGEDCOM RST2228P (All versions \u003c V5.9.0), RUGGEDCOM RST916C (All versions \u003c V5.9.0), RUGGEDCOM RST916P (All versions \u003c V5.9.0). The affected products with IP forwarding enabled wrongly make available certain remote services in non-managed VLANs, even if these services are not intentionally activated. An attacker could leverage this vulnerability to create a remote shell to the affected system." } ], "metrics": [ { "cvssV3_1": { "baseScore": 6.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-266", "description": "CWE-266: Incorrect Privilege Assignment", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:05:07.958Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-170375.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-38278", "datePublished": "2024-07-09T12:05:07.958Z", "dateReserved": "2024-06-12T14:37:01.983Z", "dateUpdated": "2024-08-02T04:04:25.242Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-32061
Vulnerability from cvelistv5
Published
2024-05-14 10:02
Modified
2024-08-02 02:06
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21566)
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | Simcenter Femap |
Version: 0 < V2406 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ps_iges_parasolid_translator_component", "vendor": "siemens", "versions": [ { "lessThan": "v27.1.215 ", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32061", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T13:38:41.028724Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T17:18:42.041Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:06:43.465Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Simcenter Femap", "vendor": "Siemens", "versions": [ { "lessThan": "V2406", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Simcenter Femap (All versions \u003c V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21566)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:04:53.131Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-32061", "datePublished": "2024-05-14T10:02:34.833Z", "dateReserved": "2024-04-10T10:05:05.704Z", "dateUpdated": "2024-08-02T02:06:43.465Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39567
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-08-02 04:26
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | SINEMA Remote Connect Client |
Version: 0 < V3.2 HF1 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinema_remote_connect_client", "vendor": "siemens", "versions": [ { "lessThan": "V3.2 HF1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-39567", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-10T13:51:36.791074Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-10T13:55:49.972Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:26:16.003Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-868282.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SINEMA Remote Connect Client", "vendor": "Siemens", "versions": [ { "lessThan": "V3.2 HF1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions \u003c V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 8.5, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:05:11.543Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-868282.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-39567", "datePublished": "2024-07-09T12:05:11.543Z", "dateReserved": "2024-06-25T15:55:17.885Z", "dateUpdated": "2024-08-02T04:26:16.003Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39876
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-08-02 04:33
Severity ?
4.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
5.3 (Medium) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
5.3 (Medium) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly handle log rotation. This could allow an unauthenticated remote attacker to cause a denial of service condition through resource exhaustion on the device.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | SINEMA Remote Connect Server |
Version: 0 < V3.2 SP1 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-39876", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-18T19:50:03.545280Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-22T21:15:19.338Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:33:10.743Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SINEMA Remote Connect Server", "vendor": "Siemens", "versions": [ { "lessThan": "V3.2 SP1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V3.2 SP1). Affected applications do not properly handle log rotation. This could allow an unauthenticated remote attacker to cause a denial of service condition through resource exhaustion on the device." } ], "metrics": [ { "cvssV3_1": { "baseScore": 4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:05:34.146Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-39876", "datePublished": "2024-07-09T12:05:34.146Z", "dateReserved": "2024-07-01T13:05:40.289Z", "dateUpdated": "2024-08-02T04:33:10.743Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39872
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-08-02 04:33
Severity ?
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:H
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:H
EPSS score ?
Summary
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly assign rights to temporary files created during its update process. This could allow an authenticated attacker with the 'Manage firmware updates' role to escalate their privileges on the underlying OS level.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | SINEMA Remote Connect Server |
Version: 0 < V3.2 SP1 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "sinema_remote_connect_server", "vendor": "siemens", "versions": [ { "lessThan": "3.2_sp1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-39872", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-13T23:03:46.251890Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-13T23:05:04.811Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:33:11.019Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SINEMA Remote Connect Server", "vendor": "Siemens", "versions": [ { "lessThan": "V3.2 SP1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V3.2 SP1). The affected application does not properly assign rights to temporary files created during its update process. This could allow an authenticated attacker with the \u0027Manage firmware updates\u0027 role to escalate their privileges on the underlying OS level." } ], "metrics": [ { "cvssV3_1": { "baseScore": 9.6, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 9.3, "baseSeverity": "CRITICAL", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:H/SA:H", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-378", "description": "CWE-378: Creation of Temporary File With Insecure Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:05:28.983Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-39872", "datePublished": "2024-07-09T12:05:28.983Z", "dateReserved": "2024-07-01T13:05:40.288Z", "dateUpdated": "2024-08-02T04:33:11.019Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-32055
Vulnerability from cvelistv5
Published
2024-05-14 10:02
Modified
2024-08-02 02:06
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | Simcenter Femap |
Version: 0 < V2406 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ps_iges_parasolid_translator_component", "vendor": "siemens", "versions": [ { "lessThan": "v27.1.215 ", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32055", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T13:39:05.957521Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T17:16:23.985Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:06:43.268Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Simcenter Femap", "vendor": "Siemens", "versions": [ { "lessThan": "V2406", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Simcenter Femap (All versions \u003c V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:04:45.337Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-32055", "datePublished": "2024-05-14T10:02:28.591Z", "dateReserved": "2024-04-10T10:05:05.704Z", "dateUpdated": "2024-08-02T02:06:43.268Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-48795
Vulnerability from cvelistv5
Published
2023-12-18 00:00
Modified
2024-08-02 21:46
Severity ?
EPSS score ?
Summary
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
References
▼ | URL | Tags |
---|---|---|
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html | ||
https://matt.ucc.asn.au/dropbear/CHANGES | ||
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES | ||
https://www.netsarang.com/en/xshell-update-history/ | ||
https://www.paramiko.org/changelog.html | ||
https://www.openssh.com/openbsd.html | ||
https://github.com/openssh/openssh-portable/commits/master | ||
https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ | ||
https://www.bitvise.com/ssh-server-version-history | ||
https://github.com/ronf/asyncssh/tags | ||
https://gitlab.com/libssh/libssh-mirror/-/tags | ||
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/ | ||
https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42 | ||
https://www.openssh.com/txt/release-9.6 | ||
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/ | ||
https://www.terrapin-attack.com | ||
https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25 | ||
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst | ||
https://thorntech.com/cve-2023-48795-and-sftp-gateway/ | ||
https://github.com/warp-tech/russh/releases/tag/v0.40.2 | ||
https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0 | ||
https://www.openwall.com/lists/oss-security/2023/12/18/2 | ||
https://twitter.com/TrueSkrillor/status/1736774389725565005 | ||
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d | ||
https://github.com/paramiko/paramiko/issues/2337 | ||
https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg | ||
https://news.ycombinator.com/item?id=38684904 | ||
https://news.ycombinator.com/item?id=38685286 | ||
http://www.openwall.com/lists/oss-security/2023/12/18/3 | mailing-list | |
https://github.com/mwiede/jsch/issues/457 | ||
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6 | ||
https://github.com/erlang/otp/releases/tag/OTP-26.2.1 | ||
https://github.com/advisories/GHSA-45x7-px36-x8w8 | ||
https://security-tracker.debian.org/tracker/source-package/libssh2 | ||
https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg | ||
https://security-tracker.debian.org/tracker/CVE-2023-48795 | ||
https://bugzilla.suse.com/show_bug.cgi?id=1217950 | ||
https://bugzilla.redhat.com/show_bug.cgi?id=2254210 | ||
https://bugs.gentoo.org/920280 | ||
https://ubuntu.com/security/CVE-2023-48795 | ||
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/ | ||
https://access.redhat.com/security/cve/cve-2023-48795 | ||
https://github.com/mwiede/jsch/pull/461 | ||
https://github.com/drakkan/sftpgo/releases/tag/v2.5.6 | ||
https://github.com/libssh2/libssh2/pull/1291 | ||
https://forum.netgate.com/topic/184941/terrapin-ssh-attack | ||
https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5 | ||
https://github.com/rapier1/hpn-ssh/releases | ||
https://github.com/proftpd/proftpd/issues/456 | ||
https://github.com/TeraTermProject/teraterm/releases/tag/v5.1 | ||
https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15 | ||
https://oryx-embedded.com/download/#changelog | ||
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update | ||
https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22 | ||
https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab | ||
https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3 | ||
https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC | ||
https://crates.io/crates/thrussh/versions | ||
https://github.com/NixOS/nixpkgs/pull/275249 | ||
http://www.openwall.com/lists/oss-security/2023/12/19/5 | mailing-list | |
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc | ||
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/ | ||
http://www.openwall.com/lists/oss-security/2023/12/20/3 | mailing-list | |
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html | ||
https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES | ||
https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES | ||
https://github.com/apache/mina-sshd/issues/445 | ||
https://github.com/hierynomus/sshj/issues/916 | ||
https://github.com/janmojzis/tinyssh/issues/81 | ||
https://www.openwall.com/lists/oss-security/2023/12/20/3 | ||
https://security-tracker.debian.org/tracker/source-package/trilead-ssh2 | ||
https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16 | ||
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/ | vendor-advisory | |
https://www.debian.org/security/2023/dsa-5586 | vendor-advisory | |
https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508 | ||
https://www.theregister.com/2023/12/20/terrapin_attack_ssh | ||
https://filezilla-project.org/versions.php | ||
https://nova.app/releases/#v11.8 | ||
https://roumenpetrov.info/secsh/#news20231220 | ||
https://www.vandyke.com/products/securecrt/history.txt | ||
https://help.panic.com/releasenotes/transmit5/ | ||
https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta | ||
https://github.com/PowerShell/Win32-OpenSSH/issues/2189 | ||
https://winscp.net/eng/docs/history#6.2.2 | ||
https://www.bitvise.com/ssh-client-version-history#933 | ||
https://github.com/cyd01/KiTTY/issues/520 | ||
https://www.debian.org/security/2023/dsa-5588 | vendor-advisory | |
https://github.com/ssh-mitm/ssh-mitm/issues/165 | ||
https://news.ycombinator.com/item?id=38732005 | ||
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html | mailing-list | |
https://security.gentoo.org/glsa/202312-16 | vendor-advisory | |
https://security.gentoo.org/glsa/202312-17 | vendor-advisory | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/ | vendor-advisory | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/ | vendor-advisory | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/ | vendor-advisory | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/ | vendor-advisory | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/ | vendor-advisory | |
https://security.netapp.com/advisory/ntap-20240105-0004/ | ||
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/ | vendor-advisory | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ | vendor-advisory | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/ | vendor-advisory | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/ | vendor-advisory | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/ | vendor-advisory | |
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002 | ||
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/ | vendor-advisory | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/ | vendor-advisory | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/ | vendor-advisory | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/ | vendor-advisory | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/ | vendor-advisory | |
https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html | mailing-list | |
https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html | mailing-list | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/ | vendor-advisory | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/ | vendor-advisory | |
https://support.apple.com/kb/HT214084 | ||
http://seclists.org/fulldisclosure/2024/Mar/21 | mailing-list | |
https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html | mailing-list | |
http://www.openwall.com/lists/oss-security/2024/04/17/8 | mailing-list | |
http://www.openwall.com/lists/oss-security/2024/03/06/3 | mailing-list |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:46:27.255Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html" }, { "tags": [ "x_transferred" ], "url": "https://matt.ucc.asn.au/dropbear/CHANGES" }, { "tags": [ "x_transferred" ], "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES" }, { "tags": [ "x_transferred" ], "url": "https://www.netsarang.com/en/xshell-update-history/" }, { "tags": [ "x_transferred" ], "url": "https://www.paramiko.org/changelog.html" }, { "tags": [ "x_transferred" ], "url": "https://www.openssh.com/openbsd.html" }, { "tags": [ "x_transferred" ], "url": "https://github.com/openssh/openssh-portable/commits/master" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ" }, { "tags": [ "x_transferred" ], "url": "https://www.bitvise.com/ssh-server-version-history" }, { "tags": [ "x_transferred" ], "url": "https://github.com/ronf/asyncssh/tags" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/libssh/libssh-mirror/-/tags" }, { "tags": [ "x_transferred" ], "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42" }, { "tags": [ "x_transferred" ], "url": "https://www.openssh.com/txt/release-9.6" }, { "tags": [ "x_transferred" ], "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/" }, { "tags": [ "x_transferred" ], "url": "https://www.terrapin-attack.com" }, { "tags": [ "x_transferred" ], "url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25" }, { "tags": [ "x_transferred" ], "url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst" }, { "tags": [ "x_transferred" ], "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2" }, { "tags": [ "x_transferred" ], "url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2" }, { "tags": [ "x_transferred" ], "url": "https://twitter.com/TrueSkrillor/status/1736774389725565005" }, { "tags": [ "x_transferred" ], "url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d" }, { "tags": [ "x_transferred" ], "url": "https://github.com/paramiko/paramiko/issues/2337" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=38684904" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=38685286" }, { "name": "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/12/18/3" }, { "tags": [ "x_transferred" ], "url": "https://github.com/mwiede/jsch/issues/457" }, { "tags": [ "x_transferred" ], "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6" }, { "tags": [ "x_transferred" ], "url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1" }, { "tags": [ "x_transferred" ], "url": "https://github.com/advisories/GHSA-45x7-px36-x8w8" }, { "tags": [ "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/source-package/libssh2" }, { "tags": [ "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg" }, { "tags": [ "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2023-48795" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "tags": [ "x_transferred" ], "url": "https://bugs.gentoo.org/920280" }, { "tags": [ "x_transferred" ], "url": "https://ubuntu.com/security/CVE-2023-48795" }, { "tags": [ "x_transferred" ], "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/" }, { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/cve-2023-48795" }, { "tags": [ "x_transferred" ], "url": "https://github.com/mwiede/jsch/pull/461" }, { "tags": [ "x_transferred" ], "url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6" }, { "tags": [ "x_transferred" ], "url": "https://github.com/libssh2/libssh2/pull/1291" }, { "tags": [ "x_transferred" ], "url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack" }, { "tags": [ "x_transferred" ], "url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5" }, { "tags": [ "x_transferred" ], "url": "https://github.com/rapier1/hpn-ssh/releases" }, { "tags": [ "x_transferred" ], "url": "https://github.com/proftpd/proftpd/issues/456" }, { "tags": [ "x_transferred" ], "url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1" }, { "tags": [ "x_transferred" ], "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15" }, { "tags": [ "x_transferred" ], "url": "https://oryx-embedded.com/download/#changelog" }, { "tags": [ "x_transferred" ], "url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update" }, { "tags": [ "x_transferred" ], "url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22" }, { "tags": [ "x_transferred" ], "url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab" }, { "tags": [ "x_transferred" ], "url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3" }, { "tags": [ "x_transferred" ], "url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC" }, { "tags": [ "x_transferred" ], "url": "https://crates.io/crates/thrussh/versions" }, { "tags": [ "x_transferred" ], "url": "https://github.com/NixOS/nixpkgs/pull/275249" }, { "name": "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/12/19/5" }, { "tags": [ "x_transferred" ], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc" }, { "tags": [ "x_transferred" ], "url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/" }, { "name": "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/12/20/3" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html" }, { "tags": [ "x_transferred" ], "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES" }, { "tags": [ "x_transferred" ], "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES" }, { "tags": [ "x_transferred" ], "url": "https://github.com/apache/mina-sshd/issues/445" }, { "tags": [ "x_transferred" ], "url": "https://github.com/hierynomus/sshj/issues/916" }, { "tags": [ "x_transferred" ], "url": "https://github.com/janmojzis/tinyssh/issues/81" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3" }, { "tags": [ "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2" }, { "tags": [ "x_transferred" ], "url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16" }, { "name": "FEDORA-2023-0733306be9", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/" }, { "name": "DSA-5586", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5586" }, { "tags": [ "x_transferred" ], "url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508" }, { "tags": [ "x_transferred" ], "url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh" }, { "tags": [ "x_transferred" ], "url": "https://filezilla-project.org/versions.php" }, { "tags": [ "x_transferred" ], "url": "https://nova.app/releases/#v11.8" }, { "tags": [ "x_transferred" ], "url": "https://roumenpetrov.info/secsh/#news20231220" }, { "tags": [ "x_transferred" ], "url": "https://www.vandyke.com/products/securecrt/history.txt" }, { "tags": [ "x_transferred" ], "url": "https://help.panic.com/releasenotes/transmit5/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta" }, { "tags": [ "x_transferred" ], "url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189" }, { "tags": [ "x_transferred" ], "url": "https://winscp.net/eng/docs/history#6.2.2" }, { "tags": [ "x_transferred" ], "url": "https://www.bitvise.com/ssh-client-version-history#933" }, { "tags": [ "x_transferred" ], "url": "https://github.com/cyd01/KiTTY/issues/520" }, { "name": "DSA-5588", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5588" }, { "tags": [ "x_transferred" ], "url": "https://github.com/ssh-mitm/ssh-mitm/issues/165" }, { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=38732005" }, { "name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html" }, { "name": "GLSA-202312-16", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202312-16" }, { "name": "GLSA-202312-17", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202312-17" }, { "name": "FEDORA-2023-20feb865d8", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/" }, { "name": "FEDORA-2023-cb8c606fbb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/" }, { "name": "FEDORA-2023-e77300e4b5", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/" }, { "name": "FEDORA-2023-b87ec6cf47", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/" }, { "name": "FEDORA-2023-153404713b", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240105-0004/" }, { "name": "FEDORA-2024-3bb23c77f3", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/" }, { "name": "FEDORA-2023-55800423a8", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/" }, { "name": "FEDORA-2024-d946b9ad25", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/" }, { "name": "FEDORA-2024-71c2c6526c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/" }, { "name": "FEDORA-2024-39a8c72ea9", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/" }, { "tags": [ "x_transferred" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002" }, { "name": "FEDORA-2024-ae653fb07b", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/" }, { "name": "FEDORA-2024-2705241461", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/" }, { "name": "FEDORA-2024-fb32950d11", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/" }, { "name": "FEDORA-2024-7b08207cdb", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/" }, { "name": "FEDORA-2024-06ebb70bdd", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/" }, { "name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html" }, { "name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html" }, { "name": "FEDORA-2024-a53b24023d", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/" }, { "name": "FEDORA-2024-3fd1bc9276", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214084" }, { "name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Mar/21" }, { "name": "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html" }, { "name": "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/17/8" }, { "name": "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/06/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-01T18:06:23.972272", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html" }, { "url": "https://matt.ucc.asn.au/dropbear/CHANGES" }, { "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES" }, { "url": "https://www.netsarang.com/en/xshell-update-history/" }, { "url": "https://www.paramiko.org/changelog.html" }, { "url": "https://www.openssh.com/openbsd.html" }, { "url": "https://github.com/openssh/openssh-portable/commits/master" }, { "url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ" }, { "url": "https://www.bitvise.com/ssh-server-version-history" }, { "url": "https://github.com/ronf/asyncssh/tags" }, { "url": "https://gitlab.com/libssh/libssh-mirror/-/tags" }, { "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/" }, { "url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42" }, { "url": "https://www.openssh.com/txt/release-9.6" }, { "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/" }, { "url": "https://www.terrapin-attack.com" }, { "url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25" }, { "url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst" }, { "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/" }, { "url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2" }, { "url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0" }, { "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2" }, { "url": "https://twitter.com/TrueSkrillor/status/1736774389725565005" }, { "url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d" }, { "url": "https://github.com/paramiko/paramiko/issues/2337" }, { "url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg" }, { "url": "https://news.ycombinator.com/item?id=38684904" }, { "url": "https://news.ycombinator.com/item?id=38685286" }, { "name": "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/12/18/3" }, { "url": "https://github.com/mwiede/jsch/issues/457" }, { "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6" }, { "url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1" }, { "url": "https://github.com/advisories/GHSA-45x7-px36-x8w8" }, { "url": "https://security-tracker.debian.org/tracker/source-package/libssh2" }, { "url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg" }, { "url": "https://security-tracker.debian.org/tracker/CVE-2023-48795" }, { "url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "url": "https://bugs.gentoo.org/920280" }, { "url": "https://ubuntu.com/security/CVE-2023-48795" }, { "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/" }, { "url": "https://access.redhat.com/security/cve/cve-2023-48795" }, { "url": "https://github.com/mwiede/jsch/pull/461" }, { "url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6" }, { "url": "https://github.com/libssh2/libssh2/pull/1291" }, { "url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack" }, { "url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5" }, { "url": "https://github.com/rapier1/hpn-ssh/releases" }, { "url": "https://github.com/proftpd/proftpd/issues/456" }, { "url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1" }, { "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15" }, { "url": "https://oryx-embedded.com/download/#changelog" }, { "url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update" }, { "url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22" }, { "url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab" }, { "url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3" }, { "url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC" }, { "url": "https://crates.io/crates/thrussh/versions" }, { "url": "https://github.com/NixOS/nixpkgs/pull/275249" }, { "name": "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/12/19/5" }, { "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc" }, { "url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/" }, { "name": "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/12/20/3" }, { "url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html" }, { "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES" }, { "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES" }, { "url": "https://github.com/apache/mina-sshd/issues/445" }, { "url": "https://github.com/hierynomus/sshj/issues/916" }, { "url": "https://github.com/janmojzis/tinyssh/issues/81" }, { "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3" }, { "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2" }, { "url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16" }, { "name": "FEDORA-2023-0733306be9", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/" }, { "name": "DSA-5586", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5586" }, { "url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508" }, { "url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh" }, { "url": "https://filezilla-project.org/versions.php" }, { "url": "https://nova.app/releases/#v11.8" }, { "url": "https://roumenpetrov.info/secsh/#news20231220" }, { "url": "https://www.vandyke.com/products/securecrt/history.txt" }, { "url": "https://help.panic.com/releasenotes/transmit5/" }, { "url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta" }, { "url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189" }, { "url": "https://winscp.net/eng/docs/history#6.2.2" }, { "url": "https://www.bitvise.com/ssh-client-version-history#933" }, { "url": "https://github.com/cyd01/KiTTY/issues/520" }, { "name": "DSA-5588", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5588" }, { "url": "https://github.com/ssh-mitm/ssh-mitm/issues/165" }, { "url": "https://news.ycombinator.com/item?id=38732005" }, { "name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html" }, { "name": "GLSA-202312-16", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202312-16" }, { "name": "GLSA-202312-17", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202312-17" }, { "name": "FEDORA-2023-20feb865d8", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/" }, { "name": "FEDORA-2023-cb8c606fbb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/" }, { "name": "FEDORA-2023-e77300e4b5", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/" }, { "name": "FEDORA-2023-b87ec6cf47", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/" }, { "name": "FEDORA-2023-153404713b", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/" }, { "url": "https://security.netapp.com/advisory/ntap-20240105-0004/" }, { "name": "FEDORA-2024-3bb23c77f3", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/" }, { "name": "FEDORA-2023-55800423a8", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/" }, { "name": "FEDORA-2024-d946b9ad25", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/" }, { "name": "FEDORA-2024-71c2c6526c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/" }, { "name": "FEDORA-2024-39a8c72ea9", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/" }, { "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002" }, { "name": "FEDORA-2024-ae653fb07b", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/" }, { "name": "FEDORA-2024-2705241461", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/" }, { "name": "FEDORA-2024-fb32950d11", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/" }, { "name": "FEDORA-2024-7b08207cdb", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/" }, { "name": "FEDORA-2024-06ebb70bdd", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/" }, { "name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html" }, { "name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html" }, { "name": "FEDORA-2024-a53b24023d", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/" }, { "name": "FEDORA-2024-3fd1bc9276", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/" }, { "url": "https://support.apple.com/kb/HT214084" }, { "name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2024/Mar/21" }, { "name": "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html" }, { "name": "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/17/8" }, { "name": "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/06/3" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-48795", "datePublished": "2023-12-18T00:00:00", "dateReserved": "2023-11-20T00:00:00", "dateUpdated": "2024-08-02T21:46:27.255Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-52238
Vulnerability from cvelistv5
Published
2024-07-09 12:04
Modified
2024-08-02 22:55
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in RUGGEDCOM RST2228 (All versions < V5.9.0), RUGGEDCOM RST2228P (All versions < V5.9.0). The web server of the affected systems leaks the MACSEC key in clear text to a logged in user. An attacker with the credentials of a low privileged user could retrieve the MACSEC key and access (decrypt) the ethernet frames sent by authorized recipients.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Siemens | RUGGEDCOM RST2228 |
Version: 0 < V5.9.0 |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-52238", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-15T21:30:22.503826Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-15T21:30:31.915Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T22:55:41.449Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-170375.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM RST2228", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RST2228P", "vendor": "Siemens", "versions": [ { "lessThan": "V5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM RST2228 (All versions \u003c V5.9.0), RUGGEDCOM RST2228P (All versions \u003c V5.9.0). The web server of the affected systems leaks the MACSEC key in clear text to a logged in user. An attacker with the credentials of a low privileged user could retrieve the MACSEC key and access (decrypt) the ethernet frames sent by authorized recipients." } ], "metrics": [ { "cvssV3_1": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 2.3, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:04:40.975Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-170375.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-52238", "datePublished": "2024-07-09T12:04:40.975Z", "dateReserved": "2023-12-29T16:54:27.071Z", "dateUpdated": "2024-08-02T22:55:41.449Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39571
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-08-02 04:26
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading SNMP configurations. This could allow an attacker with the right to modify the SNMP configuration to execute arbitrary code with root privileges.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | SINEMA Remote Connect Server |
Version: 0 < V3.2 HF1 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinema_remote_connect_server", "vendor": "siemens", "versions": [ { "lessThan": "3.2_hf1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-39571", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T14:05:56.228289Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-09T14:08:21.515Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:26:15.966Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-928781.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SINEMA Remote Connect Server", "vendor": "Siemens", "versions": [ { "lessThan": "V3.2 HF1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading SNMP configurations. This could allow an attacker with the right to modify the SNMP configuration to execute arbitrary code with root privileges." } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:05:16.650Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-928781.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-39571", "datePublished": "2024-07-09T12:05:16.650Z", "dateReserved": "2024-06-25T15:55:17.885Z", "dateUpdated": "2024-08-02T04:26:15.966Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-32058
Vulnerability from cvelistv5
Published
2024-05-14 10:02
Modified
2024-08-02 02:06
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application is vulnerable to memory corruption while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21563)
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | Simcenter Femap |
Version: 0 < V2406 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ps_iges_parasolid_translator_component", "vendor": "siemens", "versions": [ { "lessThan": "v27.1.215 ", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32058", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T13:38:49.239778Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T17:17:08.359Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:06:43.439Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Simcenter Femap", "vendor": "Siemens", "versions": [ { "lessThan": "V2406", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Simcenter Femap (All versions \u003c V2406). The affected application is vulnerable to memory corruption while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21563)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:04:49.292Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-32058", "datePublished": "2024-05-14T10:02:31.096Z", "dateReserved": "2024-04-10T10:05:05.704Z", "dateUpdated": "2024-08-02T02:06:43.439Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-33653
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-08-02 02:36
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | Simcenter Femap |
Version: 0 < V2406 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:simcenter_femap:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simcenter_femap", "vendor": "siemens", "versions": [ { "lessThan": "v2406", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-33653", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T13:24:41.569853Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-09T13:35:51.112Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:36:04.550Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Simcenter Femap", "vendor": "Siemens", "versions": [ { "lessThan": "V2406", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Simcenter Femap (All versions \u003c V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted BMP files. This could allow an attacker to execute code in the context of the current process." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:05:02.168Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-33653", "datePublished": "2024-07-09T12:05:02.168Z", "dateReserved": "2024-04-25T09:55:59.241Z", "dateUpdated": "2024-08-02T02:36:04.550Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39870
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-08-02 04:33
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected applications can be configured to allow users to manage own users. A local authenticated user with this privilege could use this modify users outside of their own scope as well as to escalate privileges.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | SINEMA Remote Connect Server |
Version: 0 < V3.2 SP1 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-39870", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T13:21:04.106215Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-09T13:21:11.478Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:33:10.884Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SINEMA Remote Connect Server", "vendor": "Siemens", "versions": [ { "lessThan": "V3.2 SP1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V3.2 SP1). The affected applications can be configured to allow users to manage own users. A local authenticated user with this privilege could use this modify users outside of their own scope as well as to escalate privileges." } ], "metrics": [ { "cvssV3_1": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-602", "description": "CWE-602: Client-Side Enforcement of Server-Side Security", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:05:26.376Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-39870", "datePublished": "2024-07-09T12:05:26.376Z", "dateReserved": "2024-07-01T13:05:40.288Z", "dateUpdated": "2024-08-02T04:33:10.884Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32260
Vulnerability from cvelistv5
Published
2022-06-14 09:22
Modified
2024-08-03 07:39
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | SINEMA Remote Connect Server |
Version: 0 < V3.2 SP1 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2022-32260", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T18:05:15.415473Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-09T18:05:33.739Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-03T07:39:50.426Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SINEMA Remote Connect Server", "vendor": "Siemens", "versions": [ { "lessThan": "V3.2 SP1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V3.2 SP1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios." } ], "metrics": [ { "cvssV3_1": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-286", "description": "CWE-286: Incorrect User Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:04:18.126Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-32260", "datePublished": "2022-06-14T09:22:14", "dateReserved": "2022-06-02T00:00:00", "dateUpdated": "2024-08-03T07:39:50.426Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39568
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-08-02 04:26
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading proxy configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | SINEMA Remote Connect Client |
Version: 0 < V3.2 HF1 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:sinema_remote_connect_client:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinema_remote_connect_client", "vendor": "siemens", "versions": [ { "lessThan": "v3.2HF1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-39568", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-23T13:43:31.750107Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-23T13:45:05.021Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:26:15.966Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-868282.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SINEMA Remote Connect Client", "vendor": "Siemens", "versions": [ { "lessThan": "V3.2 HF1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions \u003c V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading proxy configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 8.5, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:05:12.815Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-868282.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-39568", "datePublished": "2024-07-09T12:05:12.815Z", "dateReserved": "2024-06-25T15:55:17.885Z", "dateUpdated": "2024-08-02T04:26:15.966Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39869
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-08-02 04:33
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected products allow to upload certificates. An authenticated attacker could upload a crafted certificates leading to a permanent denial-of-service situation. In order to recover from such an attack, the offending certificate needs to be removed manually.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | SINEMA Remote Connect Server |
Version: 0 < V3.2 SP1 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-39869", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-23T13:42:57.283885Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-23T13:43:06.607Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:33:10.259Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SINEMA Remote Connect Server", "vendor": "Siemens", "versions": [ { "lessThan": "V3.2 SP1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V3.2 SP1). Affected products allow to upload certificates. An authenticated attacker could upload a crafted certificates leading to a permanent denial-of-service situation. In order to recover from such an attack, the offending certificate needs to be removed manually." } ], "metrics": [ { "cvssV3_1": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-754", "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:05:25.089Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-39869", "datePublished": "2024-07-09T12:05:25.089Z", "dateReserved": "2024-07-01T13:05:40.288Z", "dateUpdated": "2024-08-02T04:33:10.259Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39871
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-08-02 04:33
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly separate the rights to edit device settings and to edit settings for communication relations. This could allow an authenticated attacker with the permission to manage devices to gain access to participant groups that the attacked does not belong to.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | SINEMA Remote Connect Server |
Version: 0 < V3.2 SP1 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-39871", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T13:57:50.987645Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-09T13:57:57.530Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:33:11.389Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SINEMA Remote Connect Server", "vendor": "Siemens", "versions": [ { "lessThan": "V3.2 SP1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V3.2 SP1). Affected applications do not properly separate the rights to edit device settings and to edit settings for communication relations. This could allow an authenticated attacker with the permission to manage devices to gain access to participant groups that the attacked does not belong to." } ], "metrics": [ { "cvssV3_1": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:05:27.689Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-39871", "datePublished": "2024-07-09T12:05:27.689Z", "dateReserved": "2024-07-01T13:05:40.288Z", "dateUpdated": "2024-08-02T04:33:11.389Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-32065
Vulnerability from cvelistv5
Published
2024-05-14 10:02
Modified
2024-08-02 02:06
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21577)
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | Simcenter Femap |
Version: 0 < V2406 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ps_iges_parasolid_translator_component", "vendor": "siemens", "versions": [ { "lessThan": "v27.1.215 ", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32065", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T13:38:07.362073Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T17:19:42.491Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:06:43.302Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Simcenter Femap", "vendor": "Siemens", "versions": [ { "lessThan": "V2406", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Simcenter Femap (All versions \u003c V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21577)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:04:58.347Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-32065", "datePublished": "2024-05-14T10:02:39.804Z", "dateReserved": "2024-04-10T10:05:05.705Z", "dateUpdated": "2024-08-02T02:06:43.302Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-23111
Vulnerability from cvelistv5
Published
2024-06-11 14:32
Modified
2024-08-19 05:18
Severity ?
EPSS score ?
Summary
An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Fortinet | FortiOS |
Version: 7.4.0 ≤ 7.4.2 Version: 7.2.0 ≤ 7.2.6 Version: 7.0.0 ≤ 7.0.13 |
||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortiproxy", "vendor": "fortinet", "versions": [ { "lessThan": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "custom" }, { "lessThan": "7.2.8", "status": "affected", "version": "7.2.0", "versionType": "custom" }, { "lessThan": "7.0.14", "status": "affected", "version": "7.0.0", "versionType": "custom" }, { "lessThan": "2.1.0", "status": "affected", "version": "2.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fortios", "vendor": "fortinet", "versions": [ { "lessThan": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "custom" }, { "lessThan": "7.2.7", "status": "affected", "version": "7.2.0", "versionType": "custom" }, { "lessThan": "7.0.13", "status": "affected", "version": "7.0.0", "versionType": "custom" }, { "lessThan": "6.5.0", "status": "affected", "version": "6.4.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-23111", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-12T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T03:55:22.809Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:51:11.306Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-471", "tags": [ "x_transferred" ], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-471" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "FortiOS", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.6", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.13", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] }, { "defaultStatus": "unaffected", "product": "FortiProxy", "vendor": "Fortinet", "versions": [ { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "semver" }, { "lessThanOrEqual": "7.2.8", "status": "affected", "version": "7.2.0", "versionType": "semver" }, { "lessThanOrEqual": "7.0.14", "status": "affected", "version": "7.0.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "An improper neutralization of input during web page Generation (\u0027Cross-site Scripting\u0027) vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Execute unauthorized code or commands", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-19T05:18:38.679Z", "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet" }, "references": [ { "name": "https://fortiguard.fortinet.com/psirt/FG-IR-23-471", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-471" } ], "solutions": [ { "lang": "en", "value": "Please upgrade to FortiOS version 7.4.4 or above \nPlease upgrade to FortiOS version 7.2.8 or above \nPlease upgrade to FortiOS version 7.0.14 or above \nPlease upgrade to FortiProxy version 7.4.3 or above \nPlease upgrade to FortiProxy version 7.2.9 or above \nPlease upgrade to FortiProxy version 7.0.15 or above" } ] } }, "cveMetadata": { "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "assignerShortName": "fortinet", "cveId": "CVE-2024-23111", "datePublished": "2024-06-11T14:32:00.312Z", "dateReserved": "2024-01-11T16:29:07.979Z", "dateUpdated": "2024-08-19T05:18:38.679Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-32059
Vulnerability from cvelistv5
Published
2024-05-14 10:02
Modified
2024-08-02 02:06
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21564)
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | Simcenter Femap |
Version: 0 < V2406 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ps_iges_parasolid_translator_component", "vendor": "siemens", "versions": [ { "lessThan": "v27.1.215 ", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32059", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T13:16:55.326174Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T17:16:53.779Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:06:43.256Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Simcenter Femap", "vendor": "Siemens", "versions": [ { "lessThan": "V2406", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Simcenter Femap (All versions \u003c V2406). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21564)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:04:50.584Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-32059", "datePublished": "2024-05-14T10:02:32.317Z", "dateReserved": "2024-04-10T10:05:05.704Z", "dateUpdated": "2024-08-02T02:06:43.256Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-32063
Vulnerability from cvelistv5
Published
2024-05-14 10:02
Modified
2024-08-02 02:06
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.3 (High) - CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Simcenter Femap (All versions < V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21573)
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | Simcenter Femap |
Version: 0 < V2406 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:ps_iges_parasolid_translator_component:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ps_iges_parasolid_translator_component", "vendor": "siemens", "versions": [ { "lessThan": "v27.1.215 ", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-32063", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T13:38:24.098837Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T17:19:14.241Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T02:06:43.856Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Simcenter Femap", "vendor": "Siemens", "versions": [ { "lessThan": "V2406", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Simcenter Femap (All versions \u003c V2406). The affected application contains a type confusion vulnerability while parsing IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21573)" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-843", "description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:04:55.664Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-976324.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-064222.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-32063", "datePublished": "2024-05-14T10:02:37.332Z", "dateReserved": "2024-04-10T10:05:05.705Z", "dateUpdated": "2024-08-02T02:06:43.856Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-37996
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-10-08 08:40
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in JT Open (All versions < V11.5), JT2Go (All versions < V2406.0003), PLM XML SDK (All versions < V7.1.0.014), Teamcenter Visualization V14.2 (All versions < V14.2.0.13), Teamcenter Visualization V14.3 (All versions < V14.3.0.11), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0003). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XML files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | JT Open |
Version: 0 < V11.5 |
||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-37996", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-15T18:31:15.685735Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-15T18:31:24.493Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:04:24.762Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-824889.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "JT Open", "vendor": "Siemens", "versions": [ { "lessThan": "V11.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "JT2Go", "vendor": "Siemens", "versions": [ { "lessThan": "V2406.0003", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "PLM XML SDK", "vendor": "Siemens", "versions": [ { "lessThan": "V7.1.0.014", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.2", "vendor": "Siemens", "versions": [ { "lessThan": "V14.2.0.13", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V14.3", "vendor": "Siemens", "versions": [ { "lessThan": "V14.3.0.11", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2312", "vendor": "Siemens", "versions": [ { "lessThan": "V2312.0008", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "Teamcenter Visualization V2406", "vendor": "Siemens", "versions": [ { "lessThan": "V2406.0003", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in JT Open (All versions \u003c V11.5), JT2Go (All versions \u003c V2406.0003), PLM XML SDK (All versions \u003c V7.1.0.014), Teamcenter Visualization V14.2 (All versions \u003c V14.2.0.13), Teamcenter Visualization V14.3 (All versions \u003c V14.3.0.11), Teamcenter Visualization V2312 (All versions \u003c V2312.0008), Teamcenter Visualization V2406 (All versions \u003c V2406.0003). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XML files. An attacker could leverage this vulnerability to crash the application causing denial of service condition." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476: NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-08T08:40:13.781Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-824889.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-959281.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-37996", "datePublished": "2024-07-09T12:05:04.781Z", "dateReserved": "2024-06-11T08:32:52.184Z", "dateUpdated": "2024-10-08T08:40:13.781Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-32737
Vulnerability from cvelistv5
Published
2024-07-09 12:04
Modified
2024-08-02 15:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC STEP 7 Safety V18 (All versions < V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application.
This is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | SIMATIC STEP 7 Safety V18 |
Version: 0 < V18 Update 2 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:simatic_step_7:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_step_7", "vendor": "siemens", "versions": [ { "lessThan": "18", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-32737", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T13:30:19.087742Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-09T13:35:36.017Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T15:25:36.731Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-313039.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC STEP 7 Safety V18", "vendor": "Siemens", "versions": [ { "lessThan": "V18 Update 2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC STEP 7 Safety V18 (All versions \u003c V18 Update 2). Affected applications do not properly restrict the .NET BinaryFormatter when deserializing user-controllable input. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application.\r\n\r\nThis is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300." } ], "metrics": [ { "cvssV3_1": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "CWE-502: Deserialization of Untrusted Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:04:28.195Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-313039.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-32737", "datePublished": "2024-07-09T12:04:28.195Z", "dateReserved": "2023-05-12T13:16:47.721Z", "dateUpdated": "2024-08-02T15:25:36.731Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-52891
Vulnerability from cvelistv5
Published
2024-07-09 12:04
Modified
2024-08-02 23:18
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.5), SIMATIC Energy Manager PRO (All versions < V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions < V11.1). Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the server.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Siemens | SIMATIC Energy Manager Basic |
Version: 0 < V7.5 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:simatic_energy_manager_basic:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_energy_manager_basic", "vendor": "siemens", "versions": [ { "lessThan": "V7.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:simatic_energy_manager_pro:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_energy_manager_pro", "vendor": "siemens", "versions": [ { "lessThan": "V7.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_ipc_diagbase:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_ipc_diagbase", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:h:siemens:simatic_ipc_diagmonitor:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simatic_ipc_diagmonitor", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:simit_v10:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simit_v10", "vendor": "siemens", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:siemens:simit_v11:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "simit_v11", "vendor": "siemens", "versions": [ { "lessThan": "V11.1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-52891", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T13:26:14.481281Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-09T13:41:12.246Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T23:18:41.378Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-088132.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC Energy Manager Basic", "vendor": "Siemens", "versions": [ { "lessThan": "V7.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC Energy Manager PRO", "vendor": "Siemens", "versions": [ { "lessThan": "V7.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC IPC DiagBase", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC IPC DiagMonitor", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMIT V10", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMIT V11", "vendor": "Siemens", "versions": [ { "lessThan": "V11.1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions \u003c V7.5), SIMATIC Energy Manager PRO (All versions \u003c V7.5), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIMIT V10 (All versions), SIMIT V11 (All versions \u003c V11.1). Unified Automation .NET based OPC UA Server SDK before 3.2.2 used in Siemens products are affected by a similar vulnerability as documented in CVE-2023-27321 for the OPC Foundation UA .NET Standard implementation. A successful attack may lead to high load situation and memory exhaustion, and may block the server." } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1325", "description": "CWE-1325: Improperly Controlled Sequential Memory Allocation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:04:42.619Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-088132.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-52891", "datePublished": "2024-07-09T12:04:42.619Z", "dateReserved": "2024-06-21T15:06:40.772Z", "dateUpdated": "2024-08-02T23:18:41.378Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39570
Vulnerability from cvelistv5
Published
2024-07-09 12:05
Modified
2024-08-02 04:26
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading VxLAN configurations. This could allow an authenticated attacker to execute arbitrary code with root privileges.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Siemens | SINEMA Remote Connect Server |
Version: 0 < V3.2 HF1 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sinema_remote_connect_server", "vendor": "siemens", "versions": [ { "lessThan": "V3.2 HF1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-39570", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-09T14:37:14.600237Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-10T21:19:33.928Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:26:15.965Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-928781.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SINEMA Remote Connect Server", "vendor": "Siemens", "versions": [ { "lessThan": "V3.2 HF1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading VxLAN configurations. This could allow an authenticated attacker to execute arbitrary code with root privileges." } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-09T12:05:15.385Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-928781.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2024-39570", "datePublished": "2024-07-09T12:05:15.385Z", "dateReserved": "2024-06-25T15:55:17.885Z", "dateUpdated": "2024-08-02T04:26:15.965Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.