SCA-2022-0012

Vulnerability from csaf_sick - Published: 2022-08-08 13:00 - Updated: 2022-08-03 13:00
Summary
OpenSSL vulnerability affects multiple SICK SIMs
Notes
In March 2022, the OpenSSL development team disclosed a denial of service in versions "3.0.0," "3.0.1," "1.1.1"-"1.1.1m" and "1.0.2-1.0.2zc" of the OpenSSL library. Exploiting this vulnerability allows remote, unauthenticated attackers to cause an infinite loop. It is possible to trigger the infinite loop by creating a certificate that has invalid explicit curve parameters or when parsing created private keys, as they may contain explicit elliptic curve parameters. It may be possible to put the SIMs in a non-responsive state since 100% of the CPU resource is consumed by the infinite loop calculation. The listed SICK SIM products are currently operated with an OpenSSL version that is vulnerable to CVE-2022-0778. With that it could be possible to exploit the mentioned vulnerability if the SIM devices are connected to a network with untrusted devices. In that case an untrusted client may send a manipulated SSH-certificate to the SIM, which exploits the vulnerability in the OpenSSL library as described above when it comes to the certificate validation by the SIM product. Evaluation is undergoing.
General Security Measures: As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification: SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.
CVE-2022-0778

Description of the original advisory from OpenSSL: “The OpenSSL BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial-of-service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters.”

7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
None Available The recommended solution will be the update of the firmware to a version >= 1.10.2 (release not yet scheduled). Please see “Workaround”.
Vendor Fix The recommended solution is to update the firmware to a version >= 1.2.0 as soon as possible.
Vendor Fix The recommended solution is to update the firmware to a version >= 1.7.0 as soon as possible.
None Available The recommended solution will be the update of the firmware to a version >= 1.7.1 (release not yet scheduled). Please see “Workaround”.
None Available The recommended solution will be the update of the firmware to a version >= 1.13.3 (release not yet scheduled).
None Available The recommended solution will be the update of the firmware to a version >= 2.1.0 (in progress, release not yet scheduled).
None Available The recommended solution will be the update of the firmware to a version >= 2.0.0 (in progress, release not yet scheduled).
None Available The recommended solution will be the update of the firmware to a version >= 1.6.0 (in progress, release not yet scheduled).
Workaround In the runtime context of an SIM application, the SSH access should not be required at all, it is recommended as a workaround to disable port 22 (SSH) of the corresponding Ethernet port at the SIM via App (Firewall-API).
References
To clipboard 

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "In March 2022, the OpenSSL development team disclosed a denial of service in versions \"3.0.0,\" \"3.0.1,\" \"1.1.1\"-\"1.1.1m\" and \"1.0.2-1.0.2zc\" of the OpenSSL library. Exploiting this vulnerability allows remote, unauthenticated attackers to cause an infinite loop. It is possible to trigger the infinite loop by creating a certificate that has invalid explicit curve parameters or when parsing created private keys, as they may contain explicit elliptic curve parameters. It may be possible to put the SIMs in a non-responsive state since 100% of the CPU resource is consumed by the infinite loop calculation.\nThe listed SICK SIM products are currently operated with an OpenSSL version that is vulnerable to CVE-2022-0778. With that it could be possible to exploit the mentioned vulnerability if the SIM devices are connected to a network with untrusted devices. \nIn that case an untrusted client may send a manipulated SSH-certificate to the SIM, which exploits the vulnerability in the OpenSSL library as described above when it comes to the certificate validation by the SIM product. \nEvaluation is undergoing."
      },
      {
        "category": "general",
        "text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Security Measures"
      },
      {
        "category": "general",
        "text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
        "title": "Vulnerability Classification"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@sick.de",
      "issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.",
      "name": "SICK PSIRT",
      "namespace": "https://www.sick.com/psirt"
    },
    "references": [
      {
        "summary": "SICK PSIRT Security Advisories",
        "url": "https://sick.com/psirt"
      },
      {
        "summary": "SICK Operating Guidelines",
        "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
      },
      {
        "summary": "ICS-CERT recommended practices on Industrial Security",
        "url": "http://ics-cert.us-cert.gov/content/recommended-practices"
      },
      {
        "summary": "CVSS v3.1 Calculator",
        "url": "https://www.first.org/cvss/calculator/3.1"
      },
      {
        "category": "self",
        "summary": "The canonical URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2022/sca-2022-0012.json"
      }
    ],
    "title": "OpenSSL vulnerability affects multiple SICK SIMs",
    "tracking": {
      "current_release_date": "2022-08-03T13:00:00.000Z",
      "generator": {
        "date": "2023-02-10T09:56:48.078Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.0.0"
        }
      },
      "id": "SCA-2022-0012",
      "initial_release_date": "2022-08-08T13:00:00.000Z",
      "revision_history": [
        {
          "date": "2022-08-08T13:00:00.000Z",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2023-02-10T11:00:00.000Z",
          "number": "2",
          "summary": "The canonical URL."
        },
        {
          "date": "2025-07-30T07:29:45.000Z",
          "number": "3",
          "summary": "Updated Advisory: URL for SICK Operating Guidelines has been updated"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK SIM1000 FX all versions",
                  "product_id": "CSAFPID-0001",
                  "product_identification_helper": {
                    "skus": [
                      "1097816",
                      "1097817"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIM1000 FX"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK SIM1004 all versions",
                  "product_id": "CSAFPID-0002",
                  "product_identification_helper": {
                    "skus": [
                      "1098148"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIM1004"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK SIM1012 all versions",
                  "product_id": "CSAFPID-0003",
                  "product_identification_helper": {
                    "skus": [
                      "1098146"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIM1012"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK SIM2000ST-E all versions",
                  "product_id": "CSAFPID-0004",
                  "product_identification_helper": {
                    "skus": [
                      "1112345"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIM2000ST-E"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK SIM2000ST Track \u0026 Trace (2086502) all versions",
                  "product_id": "CSAFPID-0005",
                  "product_identification_helper": {
                    "skus": [
                      "2086502"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIM2000ST Track \u0026 Trace (2086502)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK SIM2000ST Track \u0026 Trace (2086501) all versions",
                  "product_id": "CSAFPID-0006",
                  "product_identification_helper": {
                    "skus": [
                      "2086501"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIM2000ST Track \u0026 Trace (2086501)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK SIM2000-2 P Track \u0026 Trace all versions",
                  "product_id": "CSAFPID-0007",
                  "product_identification_helper": {
                    "skus": [
                      "1117588"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIM2000-2 P Track \u0026 Trace"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK SIM2x00 all versions",
                  "product_id": "CSAFPID-0008",
                  "product_identification_helper": {
                    "skus": [
                      "1081902",
                      "1092673",
                      "1112341"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIM2x00"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK SIM2000ST all versions",
                  "product_id": "CSAFPID-0009",
                  "product_identification_helper": {
                    "skus": [
                      "1080579"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIM2000ST"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK SIM4000 all versions",
                  "product_id": "CSAFPID-0010",
                  "product_identification_helper": {
                    "skus": [
                      "1078787",
                      "1078484",
                      "1084131"
                    ]
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "SIM4000"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.5.2",
                "product": {
                  "name": "SICK SIM1000 FX Firmware \u003c= 1.5.2",
                  "product_id": "CSAFPID-0011"
                }
              }
            ],
            "category": "product_name",
            "name": "SIM1000 FX Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.1.0",
                "product": {
                  "name": "SICK SIM1004 Firmware \u003c= 1.1.0",
                  "product_id": "CSAFPID-0012"
                }
              }
            ],
            "category": "product_name",
            "name": "SIM1004 Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 2.0.6",
                "product": {
                  "name": "SICK SIM1012 Firmware \u003c= 2.0.6",
                  "product_id": "CSAFPID-0013"
                }
              }
            ],
            "category": "product_name",
            "name": "SIM1012 Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.7.0",
                "product": {
                  "name": "SICK SIM2000ST-E Firmware \u003c1.7.0",
                  "product_id": "CSAFPID-0014"
                }
              },
              {
                "category": "product_version",
                "name": "1.7.0",
                "product": {
                  "name": "SICK SIM2000ST-E Firmware 1.7.0",
                  "product_id": "CSAFPID-0015"
                }
              }
            ],
            "category": "product_name",
            "name": "SIM2000ST-E Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.13.2",
                "product": {
                  "name": "SICK SIM2000ST Track \u0026 Trace (2086502) Firmware \u003c= 1.13.2",
                  "product_id": "CSAFPID-0016"
                }
              }
            ],
            "category": "product_name",
            "name": "SIM2000ST Track \u0026 Trace (2086502) Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.7.0",
                "product": {
                  "name": "SICK SIM2000ST Track \u0026 Trace (2086501) Firmware \u003c= 1.7.0",
                  "product_id": "CSAFPID-0017"
                }
              }
            ],
            "category": "product_name",
            "name": "SIM2000ST Track \u0026 Trace (2086501) Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.7.0",
                "product": {
                  "name": "SICK SIM2000-2 P Track \u0026 Trace Firmware \u003c1.7.0",
                  "product_id": "CSAFPID-0018"
                }
              },
              {
                "category": "product_version",
                "name": "1.7.0",
                "product": {
                  "name": "SICK SIM2000-2 P Track \u0026 Trace Firmware 1.7.0",
                  "product_id": "CSAFPID-0019"
                }
              }
            ],
            "category": "product_name",
            "name": "SIM2000-2 P Track \u0026 Trace Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c1.2.0",
                "product": {
                  "name": "SICK SIM2x00 Firmware \u003c1.2.0",
                  "product_id": "CSAFPID-0020"
                }
              },
              {
                "category": "product_version",
                "name": "1.2.0",
                "product": {
                  "name": "SICK SIM2x00 Firmware 1.2.0",
                  "product_id": "CSAFPID-0021"
                }
              }
            ],
            "category": "product_name",
            "name": "SIM2x00 Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.7.0",
                "product": {
                  "name": "SICK SIM2000ST Firmware \u003c= 1.7.0",
                  "product_id": "CSAFPID-0022"
                }
              }
            ],
            "category": "product_name",
            "name": "SIM2000ST Firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 1.10.1",
                "product": {
                  "name": "SICK SIM4000 Firmware \u003c= 1.10.1",
                  "product_id": "CSAFPID-0023"
                }
              }
            ],
            "category": "product_name",
            "name": "SIM4000 Firmware"
          }
        ],
        "category": "vendor",
        "name": "SICK AG"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK SIM1000 FX with Firmware \u003c= 1.5.2",
          "product_id": "CSAFPID-0024"
        },
        "product_reference": "CSAFPID-0011",
        "relates_to_product_reference": "CSAFPID-0001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK SIM1004 with Firmware \u003c= 1.1.0",
          "product_id": "CSAFPID-0025"
        },
        "product_reference": "CSAFPID-0012",
        "relates_to_product_reference": "CSAFPID-0002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK SIM1012 with Firmware \u003c= 2.0.6",
          "product_id": "CSAFPID-0026"
        },
        "product_reference": "CSAFPID-0013",
        "relates_to_product_reference": "CSAFPID-0003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK SIM2000ST-E with Firmware \u003c1.7.0",
          "product_id": "CSAFPID-0027"
        },
        "product_reference": "CSAFPID-0014",
        "relates_to_product_reference": "CSAFPID-0004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK SIM2000ST Track \u0026 Trace (2086502) with Firmware \u003c= 1.13.2",
          "product_id": "CSAFPID-0028"
        },
        "product_reference": "CSAFPID-0016",
        "relates_to_product_reference": "CSAFPID-0005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK SIM2000ST Track \u0026 Trace (2086501) with Firmware \u003c= 1.7.0",
          "product_id": "CSAFPID-0029"
        },
        "product_reference": "CSAFPID-0017",
        "relates_to_product_reference": "CSAFPID-0006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK SIM2000-2 P Track \u0026 Trace with Firmware \u003c1.7.0",
          "product_id": "CSAFPID-0030"
        },
        "product_reference": "CSAFPID-0018",
        "relates_to_product_reference": "CSAFPID-0007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK SIM2x00 with Firmware \u003c1.2.0",
          "product_id": "CSAFPID-0031"
        },
        "product_reference": "CSAFPID-0020",
        "relates_to_product_reference": "CSAFPID-0008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK SIM2000ST with Firmware \u003c= 1.7.0",
          "product_id": "CSAFPID-0032"
        },
        "product_reference": "CSAFPID-0022",
        "relates_to_product_reference": "CSAFPID-0009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK SIM4000 with Firmware \u003c= 1.10.1",
          "product_id": "CSAFPID-0033"
        },
        "product_reference": "CSAFPID-0023",
        "relates_to_product_reference": "CSAFPID-0010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK SIM2000ST-E with Firmware 1.7.0",
          "product_id": "CSAFPID-0034"
        },
        "product_reference": "CSAFPID-0015",
        "relates_to_product_reference": "CSAFPID-0004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK SIM2000-2 P Track \u0026 Trace with Firmware 1.7.0",
          "product_id": "CSAFPID-0035"
        },
        "product_reference": "CSAFPID-0019",
        "relates_to_product_reference": "CSAFPID-0007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK SIM2x00 with Firmware 1.2.0",
          "product_id": "CSAFPID-0036"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0008"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-0778",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "notes": [
        {
          "category": "description",
          "text": "Description of the original advisory from OpenSSL:\n\u201cThe OpenSSL BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form.\nIt is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial-of-service attack.\nThe infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters.\u201d",
          "title": "CVE Description"
        }
      ],
      "product_status": {
        "fixed": [
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036"
        ],
        "known_affected": [
          "CSAFPID-0024",
          "CSAFPID-0025",
          "CSAFPID-0026",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0030",
          "CSAFPID-0027",
          "CSAFPID-0031"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "OpenSSL Security Advisory",
          "url": "https://www.openssl.org/news/secadv/20220315.txt"
        },
        {
          "category": "external",
          "summary": "CVE Entry",
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778"
        }
      ],
      "remediations": [
        {
          "category": "none_available",
          "details": "The recommended solution will be the update of the firmware to a version \u003e= 1.10.2 (release not yet scheduled). Please see \u201cWorkaround\u201d.",
          "product_ids": [
            "CSAFPID-0033"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "The recommended solution is to update the firmware to a version \u003e= 1.2.0 as soon as possible.",
          "product_ids": [
            "CSAFPID-0031"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "The recommended solution is to update the firmware to a version \u003e= 1.7.0 as soon as possible.",
          "product_ids": [
            "CSAFPID-0027",
            "CSAFPID-0030"
          ]
        },
        {
          "category": "none_available",
          "details": "The recommended solution will be the update of the firmware to a version \u003e= 1.7.1 (release not yet scheduled). Please see \u201cWorkaround\u201d.",
          "product_ids": [
            "CSAFPID-0032",
            "CSAFPID-0029"
          ]
        },
        {
          "category": "none_available",
          "details": "The recommended solution will be the update of the firmware to a version \u003e= 1.13.3 (release not yet scheduled).",
          "product_ids": [
            "CSAFPID-0028"
          ]
        },
        {
          "category": "none_available",
          "details": "The recommended solution will be the update of the firmware to a version \u003e= 2.1.0 (in progress, release not yet scheduled).",
          "product_ids": [
            "CSAFPID-0026"
          ]
        },
        {
          "category": "none_available",
          "details": "The recommended solution will be the update of the firmware to a version \u003e= 2.0.0 (in progress, release not yet scheduled).",
          "product_ids": [
            "CSAFPID-0025"
          ]
        },
        {
          "category": "none_available",
          "details": "The recommended solution will be the update of the firmware to a version \u003e= 1.6.0 (in progress, release not yet scheduled).",
          "product_ids": [
            "CSAFPID-0024"
          ]
        },
        {
          "category": "workaround",
          "details": "In the runtime context of an SIM application, the SSH access should not be required at all, it is recommended as a workaround to disable port 22 (SSH) of the corresponding Ethernet port at the SIM via App (Firewall-API).",
          "product_ids": [
            "CSAFPID-0033",
            "CSAFPID-0032",
            "CSAFPID-0029",
            "CSAFPID-0028",
            "CSAFPID-0026",
            "CSAFPID-0025",
            "CSAFPID-0024"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0024",
            "CSAFPID-0025",
            "CSAFPID-0026",
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033"
          ]
        }
      ]
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.