sca-2022-0013
Vulnerability from csaf_sick
Published
2022-10-21 13:00
Modified
2022-11-04 14:00
Summary
Password recovery vulnerability affects multiple SICK SIMs
Notes
SICK received a report about a vulnerability in multiple SICK SIM products. The vulnerability is classified as a "Missing Authentication for Critical Function" vulnerability and results from a mishandling of access to a password recovery mechanism.
An unprivileged, remote user can invoke the password recovery mechanism without the required authentication rights, gain access to the user level "RecoverableUserLevel", and thereby increase their privileges on the system.
General Security Measures
As general security measures, SICK recommends minimizing network exposure of the devices, restricting network access, and following recommended security practices in order to run the devices in a protected IT environment.
Vulnerability Classification
SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.
{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en-US", "notes": [ { "category": "summary", "text": "SICK received a report about a vulnerability in multiple SICK SIM products. The vulnerability is classified as a \"Missing Authentication for Critical Function\" vulnerability and results from a mishandling of access to a password recovery mechanism. \nIt is possible for an unprivileged, remote user to invocate the password recovery mechanism without the needed authentication rights to gain access to the userlevel \"RecoverableUserLevel\" and thereby increasing their privileges on the system. \n" }, { "category": "general", "text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.", "title": "General Security Measures" }, { "category": "general", "text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. 
SICK recommends that customers individually evaluate the environmental score to achieve final scoring.", "title": "Vulnerability Classification" } ], "publisher": { "category": "vendor", "contact_details": "psirt@sick.de", "issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.", "name": "SICK PSIRT", "namespace": "https://sick.com/psirt" }, "references": [ { "summary": "SICK PSIRT Security Advisories", "url": "https://sick.com/psirt" }, { "summary": "SICK Operating Guidelines", "url": "https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF" }, { "summary": "ICS-CERT recommended practices on Industrial Security", "url": "http://ics-cert.us-cert.gov/content/recommended-practices" }, { "summary": "CVSS v3.1 Calculator", "url": "https://www.first.org/cvss/calculator/3.1" }, { "category": "self", "summary": "The canonical URL.", "url": "https://www.sick.com/.well-known/csaf/white/2022/sca-2022-0013.json" } ], "title": "Password recovery vulnerability affects multiple SICK SIMs", "tracking": { "current_release_date": "2022-11-04T14:00:00.000Z", "generator": { "date": "2023-02-10T10:07:22.817Z", "engine": { "name": "Secvisogram", "version": "2.0.0" } }, "id": "SCA-2022-0013", "initial_release_date": "2022-10-21T13:00:00.000Z", "revision_history": [ { "date": "2022-10-21T13:00:00.000Z", "number": "1", "summary": "Initial release" }, { "date": "2022-11-04T14:00:00.000Z", "number": "2", "summary": "Updated CVE references" }, { "date": "2022-12-14T11:00:00.000Z", "number": "3", "summary": "Additional CVE included" }, { "date": "2023-02-10T11:00:00.000Z", "number": "4", "summary": "Updated Advisory (only visual changes)" } ], "status": "final", "version": "4" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SICK SIM1000 FX all versions", "product_id": "CSAFPID-0001", 
"product_identification_helper": { "skus": [ "1097816", "1097817" ] } } } ], "category": "product_name", "name": "SIM1000 FX" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SICK SIM1004 all versions", "product_id": "CSAFPID-0002", "product_identification_helper": { "skus": [ "1098148" ] } } } ], "category": "product_name", "name": "SIM1004" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SICK SIM1012 all versions", "product_id": "CSAFPID-0003", "product_identification_helper": { "skus": [ "1098146" ] } } } ], "category": "product_name", "name": "SIM1012" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SICK SIM2000ST (LFT, PPC) all versions", "product_id": "CSAFPID-0004", "product_identification_helper": { "skus": [ "2086502" ] } } } ], "category": "product_name", "name": "SIM2000ST (LFT, PPC)" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SICK SIM2000ST (PPC) all versions", "product_id": "CSAFPID-0005", "product_identification_helper": { "skus": [ "1080579" ] } } } ], "category": "product_name", "name": "SIM2000ST (PPC)" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SICK SIM2x00 (ARM) all versions", "product_id": "CSAFPID-0006", "product_identification_helper": { "skus": [ "1092673", "1081902" ] } } } ], "category": "product_name", "name": "SIM2x00 (ARM)" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SICK SIM4000 (PPC) all versions", "product_id": "CSAFPID-0007", "product_identification_helper": { "skus": [ "1078787" ] } } } ], "category": "product_name", "name": "SIM4000 (PPC)" }, { "branches": [ { "category": "product_version_range", "name": "\u003c1.6.0", "product": { "name": "SICK SIM1000 FX Firmware \u003c1.6.0", "product_id": 
"CSAFPID-0008" } }, { "category": "product_version", "name": "1.6.0", "product": { "name": "SICK SIM1000 FX Firmware 1.6.0", "product_id": "CSAFPID-0009" } } ], "category": "product_name", "name": "SIM1000 FX Firmware" }, { "branches": [ { "category": "product_version_range", "name": "\u003c2.0.0", "product": { "name": "SICK SIM1004 Firmware \u003c2.0.0", "product_id": "CSAFPID-0010" } }, { "category": "product_version", "name": "2.0.0", "product": { "name": "SICK SIM1004 Firmware 2.0.0", "product_id": "CSAFPID-0011" } } ], "category": "product_name", "name": "SIM1004 Firmware" }, { "branches": [ { "category": "product_version_range", "name": "\u003c2.2.0", "product": { "name": "SICK SIM1012 Firmware \u003c2.2.0", "product_id": "CSAFPID-0012" } }, { "category": "product_version", "name": "2.2.0", "product": { "name": "SICK SIM1012 Firmware 2.2.0", "product_id": "CSAFPID-0013" } } ], "category": "product_name", "name": "SIM1012 Firmware" }, { "branches": [ { "category": "product_version_range", "name": "\u003c1.13.4", "product": { "name": "SICK SIM2000ST (LFT, PPC) Firmware \u003c1.13.4", "product_id": "CSAFPID-0014" } }, { "category": "product_version", "name": "1.13.4", "product": { "name": "SICK SIM2000ST (LFT, PPC) Firmware 1.13.4", "product_id": "CSAFPID-0015" } } ], "category": "product_name", "name": "SIM2000ST (LFT, PPC) Firmware" }, { "branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SICK SIM2000ST (PPC) Firmware all versions", "product_id": "CSAFPID-0016" } } ], "category": "product_name", "name": "SICK SIM2000ST (PPC) Firmware" }, { "branches": [ { "category": "product_version_range", "name": "\u003c1.2.0", "product": { "name": "SICK SIM2x00 (ARM) Firmware \u003c1.2.0", "product_id": "CSAFPID-0017" } }, { "category": "product_version", "name": "1.2.0", "product": { "name": "SICK SIM2x00 (ARM) Firmware 1.2.0", "product_id": "CSAFPID-0018" } } ], "category": "product_name", "name": "SIM2x00 (ARM) Firmware" }, { 
"branches": [ { "category": "product_version_range", "name": "vers:all/*", "product": { "name": "SICK SIM4000 (PPC) Firmware all versions", "product_id": "CSAFPID-0019" } } ], "category": "product_name", "name": "SIM4000 (PPC) Firmware" } ], "category": "vendor", "name": "SICK AG" } ], "relationships": [ { "category": "installed_on", "full_product_name": { "name": "SICK SIM1000 FX with Firmware \u003c1.6.0", "product_id": "CSAFPID-0020" }, "product_reference": "CSAFPID-0008", "relates_to_product_reference": "CSAFPID-0001" }, { "category": "installed_on", "full_product_name": { "name": "SICK SIM1004 with Firmware \u003c2.0.0", "product_id": "CSAFPID-0021" }, "product_reference": "CSAFPID-0010", "relates_to_product_reference": "CSAFPID-0002" }, { "category": "installed_on", "full_product_name": { "name": "SICK SIM1012 with Firmware \u003c2.2.0", "product_id": "CSAFPID-0022" }, "product_reference": "CSAFPID-0012", "relates_to_product_reference": "CSAFPID-0003" }, { "category": "installed_on", "full_product_name": { "name": "SICK SIM2000ST (LFT, PPC) with Firmware \u003c1.13.4", "product_id": "CSAFPID-0023" }, "product_reference": "CSAFPID-0014", "relates_to_product_reference": "CSAFPID-0004" }, { "category": "installed_on", "full_product_name": { "name": "SICK SIM2000ST (PPC) all Firmware versions", "product_id": "CSAFPID-0024" }, "product_reference": "CSAFPID-0016", "relates_to_product_reference": "CSAFPID-0005" }, { "category": "installed_on", "full_product_name": { "name": "SICK SIM2x00 (ARM) with Firmware \u003c1.2.0", "product_id": "CSAFPID-0025" }, "product_reference": "CSAFPID-0017", "relates_to_product_reference": "CSAFPID-0006" }, { "category": "installed_on", "full_product_name": { "name": "SICK SIM4000 (PPC) all Firmware versions", "product_id": "CSAFPID-0026" }, "product_reference": "CSAFPID-0019", "relates_to_product_reference": "CSAFPID-0007" }, { "category": "installed_on", "full_product_name": { "name": "SICK SIM1000 FX with Firmware 1.6.0", 
"product_id": "CSAFPID-0027" }, "product_reference": "CSAFPID-0009", "relates_to_product_reference": "CSAFPID-0001" }, { "category": "installed_on", "full_product_name": { "name": "SICK SIM1004 with Firmware 2.0.0", "product_id": "CSAFPID-0028" }, "product_reference": "CSAFPID-0011", "relates_to_product_reference": "CSAFPID-0002" }, { "category": "installed_on", "full_product_name": { "name": "SICK SIM1012 with Firmware 2.2.0", "product_id": "CSAFPID-0029" }, "product_reference": "CSAFPID-0013", "relates_to_product_reference": "CSAFPID-0003" }, { "category": "installed_on", "full_product_name": { "name": "SICK SIM2000ST (LFT, PPC) with Firmware 1.13.4", "product_id": "CSAFPID-0030" }, "product_reference": "CSAFPID-0015", "relates_to_product_reference": "CSAFPID-0004" }, { "category": "installed_on", "full_product_name": { "name": "SICK SIM2x00 (ARM) with Firmware 1.2.0", "product_id": "CSAFPID-0031" }, "product_reference": "CSAFPID-0018", "relates_to_product_reference": "CSAFPID-0006" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-27582", "cwe": { "id": "CWE-306", "name": "Missing Authentication for Critical Function" }, "notes": [ { "category": "description", "text": "Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 1078787 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. \nThe firmware versions \u003c=1.10.1 allow to optionally disable device configuration over the network interfaces. Please make sure that you apply general security practices when operating the SIM4000. A fix is planned but not yet scheduled." 
} ], "product_status": { "known_affected": [ "CSAFPID-0026" ] }, "remediations": [ { "category": "workaround", "details": "Please make sure that you apply general security practices when operating the SIM4000 (PPC). \nThe firmware versions \u003c=1.10.1 for SIM4000 allow to optionally disable device configuration over the network interfaces.\nAdditionally, the following general security practices could mitigate the associated security risk. A fix is planned but not yet scheduled.", "product_ids": [ "CSAFPID-0026" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0026" ] } ] }, { "cve": "CVE-2022-27584", "cwe": { "id": "CWE-306", "name": "Missing Authentication for Critical Function" }, "notes": [ { "category": "description", "text": "Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability.\nThe firmware versions \u003c=1.7.0 allow to optionally disable device configuration over the network interfaces. Please make sure that you apply general security practices when operating the SIM2000ST. A fix is planned but not yet scheduled." 
} ], "product_status": { "known_affected": [ "CSAFPID-0024" ] }, "remediations": [ { "category": "workaround", "details": "Please make sure that you apply general security practices when operating the SIM2000ST (part number 1080579). \nThe firmware versions \u003c=1.7.0 for SIM2000ST (part number 1080579) allow to optionally disable device configuration over the network interfaces.\nAdditionally, the following general security practices could mitigate the associated security risk. A fix is planned but not yet scheduled.", "product_ids": [ "CSAFPID-0024" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0024" ] } ] }, { "cve": "CVE-2022-47377", "cwe": { "id": "CWE-306", "name": "Missing Authentication for Critical Function" }, "notes": [ { "category": "description", "text": "Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 with firmware version \u003c1.13.4 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version \u003e= 1.13.4 as soon as possible (available in SICK Support Portal). 
" } ], "product_status": { "fixed": [ "CSAFPID-0023" ], "recommended": [ "CSAFPID-0030" ] }, "remediations": [ { "category": "vendor_fix", "details": "The recommended solution is to update the firmware to a version \u003e= 1.13.4 as soon as possible.\nThe current firmware allows already to optionally disable device configuration over desired networks interfaces, especially in critical infrastructures.", "product_ids": [ "CSAFPID-0023" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0023" ] } ] }, { "cve": "CVE-2022-27585", "cwe": { "id": "CWE-306", "name": "Missing Authentication for Critical Function" }, "notes": [ { "category": "description", "text": "Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 and 1097817 with firmware version \u003c1.6.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version \u003e= 1.6.0 as soon as possible (available in SICK Support Portal)." 
} ], "product_status": { "fixed": [ "CSAFPID-0020" ], "recommended": [ "CSAFPID-0027" ] }, "remediations": [ { "category": "vendor_fix", "details": "The recommended solution is to update the firmware to a version \u003e= 1.6.0 as soon as possible (available in SICK Support Portal).", "product_ids": [ "CSAFPID-0020" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0020" ] } ] }, { "cve": "CVE-2022-43989", "cwe": { "id": "CWE-306", "name": "Missing Authentication for Critical Function" }, "notes": [ { "category": "description", "text": "Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 1092673 and 1081902 with firmware version \u003c 1.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version \u003e= 1.2.0 as soon as possible (available in SICK Support Portal)." 
} ], "product_status": { "fixed": [ "CSAFPID-0025" ], "recommended": [ "CSAFPID-0031" ] }, "remediations": [ { "category": "vendor_fix", "details": "The recommended solution is to update the firmware to a version \u003e= 1.2.0 as soon as possible.", "product_ids": [ "CSAFPID-0025" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0025" ] } ] }, { "cve": "CVE-2022-43990", "cwe": { "id": "CWE-306", "name": "Missing Authentication for Critical Function" }, "notes": [ { "category": "description", "text": "Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version \u003c2.2.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version \u003e= 2.2.0 as soon as possible (available in SICK Support Portal)." 
} ], "product_status": { "fixed": [ "CSAFPID-0022" ], "recommended": [ "CSAFPID-0029" ] }, "remediations": [ { "category": "vendor_fix", "details": "The recommended solution is to update the firmware to a version \u003e= 2.2.0 as soon as possible (available in SICK Support Portal).", "product_ids": [ "CSAFPID-0022" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0022" ] } ] }, { "cve": "CVE-2022-27586", "cwe": { "id": "CWE-306", "name": "Missing Authentication for Critical Function" }, "notes": [ { "category": "description", "text": "Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 with firmware version \u003c2.0.0 allows an unprivileged remote attacker to gain access to the userlevel defined as RecoverableUserLevel by invocating the password recovery mechanism method. This leads to an increase in their privileges on the system and thereby affecting the confidentiality integrity and availability of the system. An attacker can expect repeatable success by exploiting the vulnerability. The recommended solution is to update the firmware to a version \u003e= 2.0.0 as soon as possible (available in SICK Support Portal)." 
} ], "product_status": { "fixed": [ "CSAFPID-0021" ], "recommended": [ "CSAFPID-0028" ] }, "remediations": [ { "category": "vendor_fix", "details": "The recommended solution is to update the firmware to a version \u003e= 2.0.0 as soon as possible.", "product_ids": [ "CSAFPID-0021" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CSAFPID-0021" ] } ] } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.