Common Weakness Enumeration

CWE-1284

Allowed

Improper Validation of Specified Quantity in Input

Abstraction: Base · Status: Incomplete

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

494 vulnerabilities reference this CWE, most recent first.

CVE-2021-44693 (GCVE-0-2021-44693)

Vulnerability from cvelistv5 – Published: 2022-12-13 00:00 – Updated: 2025-04-21 13:45
VLAI
Summary
Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
Impacted products
Vendor Product Version
Siemens SIMATIC Drive Controller CPU 1504D TF Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC Drive Controller CPU 1507D TF Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) Affected: All versions < V21.9.7
Create a notification for this product.
Siemens SIMATIC S7-1200 CPU family (incl. SIPLUS variants) Affected: All versions < V4.6.0
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1510SP F-1 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1510SP-1 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1511-1 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1511C-1 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1511F-1 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1511T-1 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1511TF-1 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1512C-1 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1512SP F-1 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1512SP-1 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1513-1 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1513F-1 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1513R-1 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1515-2 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1515F-2 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1515R-2 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1515T-2 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1515TF-2 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1516-3 PN/DP Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1516F-3 PN/DP Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1516T-3 PN/DP Affected: All versions < V3.0.1
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1516TF-3 PN/DP Affected: All versions < V3.0.1
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1517-3 PN/DP Affected: All versions < V3.0.1
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1517F-3 PN/DP Affected: All versions < V3.0.1
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1517H-3 PN Affected: All versions < V3.0.1
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1517T-3 PN/DP Affected: All versions < V3.0.1
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1517TF-3 PN/DP Affected: All versions < V3.0.1
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP Affected: All versions < V3.0.1
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1518-4 PN/DP MFP Affected: All versions < V3.0.1
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP Affected: All versions < V3.0.1
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP Affected: All versions < V3.0.1
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1518HF-4 PN Affected: All versions < V3.0.1
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1518T-4 PN/DP Affected: All versions < V3.0.1
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU 1518TF-4 PN/DP Affected: All versions < V3.0.1
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIMATIC S7-1500 Software Controller V2 Affected: All versions < V21.9.7
Create a notification for this product.
Siemens SIMATIC S7-PLCSIM Advanced Affected: All versions < V5.0
Create a notification for this product.
Siemens SIPLUS ET 200SP CPU 1510SP F-1 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIPLUS ET 200SP CPU 1510SP-1 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIPLUS ET 200SP CPU 1510SP-1 PN RAIL Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIPLUS ET 200SP CPU 1512SP F-1 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIPLUS ET 200SP CPU 1512SP-1 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIPLUS ET 200SP CPU 1512SP-1 PN RAIL Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1511-1 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1511-1 PN TX RAIL Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1511F-1 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1513-1 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1513F-1 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1515F-2 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1515F-2 PN RAIL Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1515R-2 PN Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1516-3 PN/DP Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1516F-3 PN/DP Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL Affected: All versions < V2.9.7
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1517H-3 PN Affected: All versions < V3.0.1
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1518-4 PN/DP Affected: All versions < V3.0.1
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1518-4 PN/DP MFP Affected: All versions < V3.0.1
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1518F-4 PN/DP Affected: All versions < V3.0.1
Create a notification for this product.
Siemens SIPLUS S7-1500 CPU 1518HF-4 PN Affected: All versions < V3.0.1
Create a notification for this product.
Siemens SIPLUS TIM 1531 IRC Affected: All versions < V2.3.6
Create a notification for this product.
Siemens TIM 1531 IRC Affected: All versions < V2.3.6
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:25:16.966Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-44693",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-18T15:15:17.856761Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-21T13:45:41.428Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Drive Controller CPU 1504D TF",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC Drive Controller CPU 1507D TF",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V21.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V4.6.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1510SP F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1510SP-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1511-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1511-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1511C-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1511C-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1511F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1511F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1511T-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1511TF-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1512C-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1512C-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1512SP F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1512SP-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1513-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1513-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1513F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1513F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1513R-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1515-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1515-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1515F-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1515F-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1515R-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1515T-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1515TF-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1516-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1516-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1516F-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1516F-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1516T-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1516TF-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1517-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1517F-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1517H-3 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1517T-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1517TF-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1518HF-4 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1518T-4 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU 1518TF-4 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-1500 Software Controller V2",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V21.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMATIC S7-PLCSIM Advanced",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1510SP F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1510SP-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1510SP-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1510SP-1 PN RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1510SP-1 PN RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1512SP F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1512SP F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1512SP-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1512SP-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1512SP-1 PN RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS ET 200SP CPU 1512SP-1 PN RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1511-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1511-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1511-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1511-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1511-1 PN TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1511-1 PN TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1511F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1511F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1513-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1513-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1513-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1513-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1513F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1513F-1 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1515F-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1515F-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1515F-2 PN RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1515R-2 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1516-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1516-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1516-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1516-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1516F-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1516F-3 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.9.7"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1517H-3 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1518F-4 PN/DP",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS S7-1500 CPU 1518HF-4 PN",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V3.0.1"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIPLUS TIM 1531 IRC",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.3.6"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "TIM 1531 IRC",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2.3.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Affected devices don\u0027t process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284: Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-12T09:31:53.197Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-382653.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2021-44693",
    "datePublished": "2022-12-13T00:00:00.000Z",
    "dateReserved": "2021-12-07T00:00:00.000Z",
    "dateUpdated": "2025-04-21T13:45:41.428Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-31346 (GCVE-0-2021-31346)

Vulnerability from cvelistv5 – Published: 2021-11-09 11:31 – Updated: 2025-03-11 09:47
VLAI
Summary
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions < V1.0.0.0). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:55:53.543Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Capital Embedded AR Classic 431-422",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Capital Embedded AR Classic R20-11",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2303",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PLUSCONTROL 1st Gen",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOTICS CONNECT 400",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V0.5.0.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "SIMOTICS CONNECT 400",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.0.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400 (All versions \u003c V0.5.0.0), SIMOTICS CONNECT 400 (All versions \u003c V1.0.0.0). The total length of an ICMP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on the network buffer organization in memory. (FSMD-2021-0007)"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284: Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-11T09:47:39.488Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-114589.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-044112.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-845392.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-223353.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2021-31346",
    "datePublished": "2021-11-09T11:31:53.000Z",
    "dateReserved": "2021-04-15T00:00:00.000Z",
    "dateUpdated": "2025-03-11T09:47:39.488Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-31345 (GCVE-0-2021-31345)

Vulnerability from cvelistv5 – Published: 2021-11-09 11:31 – Updated: 2025-03-11 09:47
VLAI
Summary
A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions). The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:55:53.688Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Capital Embedded AR Classic 431-422",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Capital Embedded AR Classic R20-11",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V2303",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "PLUSCONTROL 1st Gen",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions \u003c V2303), PLUSCONTROL 1st Gen (All versions). The total length of an UDP payload (set in the IP header) is unchecked. This may lead to various side effects, including Information Leak and Denial-of-Service conditions, depending on a user-defined applications that runs on top of the UDP protocol. (FSMD-2021-0006)"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284: Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-11T09:47:37.991Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-114589.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-044112.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-845392.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2021-31345",
    "datePublished": "2021-11-09T11:31:52.000Z",
    "dateReserved": "2021-04-15T00:00:00.000Z",
    "dateUpdated": "2025-03-11T09:47:37.991Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-27217 (GCVE-0-2020-27217)

Vulnerability from cvelistv5 – Published: 2020-11-13 19:30 – Updated: 2024-08-04 16:11
VLAI
Summary
In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices. In particular, a device may send messages that are bigger than the max-message-size that the protocol adapter has indicated during link establishment. While the AMQP 1.0 protocol explicitly disallows a peer to send such messages, a hand crafted AMQP 1.0 client could exploit this behavior in order to send a message of unlimited size to the adapter, eventually causing the adapter to fail with an out of memory exception.
Severity
No CVSS data available.
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
Impacted products
Vendor Product Version
The Eclipse Foundation Eclipse Hono Affected: 1.3.0
Affected: 1.4.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:11:35.953Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=567068"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Eclipse Hono",
          "vendor": "The Eclipse Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "1.3.0"
            },
            {
              "status": "affected",
              "version": "1.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices. In particular, a device may send messages that are bigger than the max-message-size that the protocol adapter has indicated during link establishment. While the AMQP 1.0 protocol explicitly disallows a peer to send such messages, a hand crafted AMQP 1.0 client could exploit this behavior in order to send a message of unlimited size to the adapter, eventually causing the adapter to fail with an out of memory exception."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284: Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-13T19:30:16.000Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=567068"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@eclipse.org",
          "ID": "CVE-2020-27217",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Eclipse Hono",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.3.0"
                          },
                          {
                            "version_value": "1.4.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The Eclipse Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices. In particular, a device may send messages that are bigger than the max-message-size that the protocol adapter has indicated during link establishment. While the AMQP 1.0 protocol explicitly disallows a peer to send such messages, a hand crafted AMQP 1.0 client could exploit this behavior in order to send a message of unlimited size to the adapter, eventually causing the adapter to fail with an out of memory exception."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-1284: Improper Validation of Specified Quantity in Input"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=567068",
              "refsource": "CONFIRM",
              "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=567068"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2020-27217",
    "datePublished": "2020-11-13T19:30:16.000Z",
    "dateReserved": "2020-10-19T00:00:00.000Z",
    "dateUpdated": "2024-08-04T16:11:35.953Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-0270 (GCVE-0-2013-0270)

Vulnerability from cvelistv5 – Published: 2013-04-12 22:00 – Updated: 2026-04-07 06:55
VLAI
Title
Keystone: openstack keystone: denial of service via large http request with long tenant name
Summary
A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system.
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
Date Public
2013-04-12 22:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:18:09.668Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/keystone/grizzly/2013.1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909012"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/keystone/+bug/1099025"
          },
          {
            "name": "RHSA-2013:0708",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0708.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openstack:13"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-user-workloads/openstack-keystone",
          "product": "Red Hat OpenStack Platform 13 (Queens)",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openstack:16.2"
          ],
          "defaultStatus": "affected",
          "packageName": "openstack-keystone",
          "product": "Red Hat OpenStack Platform 16.2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openstack:16.2"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-user-workloads/openstack-keystone",
          "product": "Red Hat OpenStack Platform 16.2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openstack:17.1"
          ],
          "defaultStatus": "affected",
          "packageName": "openstack-keystone",
          "product": "Red Hat OpenStack Platform 17.1",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openstack:17.1"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-user-workloads/openstack-keystone",
          "product": "Red Hat OpenStack Platform 17.1",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openstack:18.0"
          ],
          "defaultStatus": "affected",
          "packageName": "openstack-keystone",
          "product": "Red Hat OpenStack Platform 18.0",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openstack:18.0"
          ],
          "defaultStatus": "affected",
          "packageName": "redhat-user-workloads/openstack-keystone",
          "product": "Red Hat OpenStack Platform 18.0",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2013-04-12T22:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources on the affected system."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-07T06:55:17.958Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0708.html"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2013-0270"
        },
        {
          "url": "https://bugs.launchpad.net/keystone/+bug/1099025"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909012"
        },
        {
          "url": "https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8"
        },
        {
          "url": "https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc"
        },
        {
          "url": "https://launchpad.net/keystone/grizzly/2013.1"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-02T15:03:35.327Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2013-04-12T22:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Keystone: openstack keystone: denial of service via large http request with long tenant name",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-1284: Improper Validation of Specified Quantity in Input"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-0270",
    "datePublished": "2013-04-12T22:00:00.000Z",
    "dateReserved": "2012-12-06T00:00:00.000Z",
    "dateUpdated": "2026-04-07T06:55:17.958Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

GHSA-22W8-2MRR-VH7H

Vulnerability from github – Published: 2026-03-09 12:31 – Updated: 2026-03-09 12:31
VLAI
Details

A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function input_zip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.56.0 is able to resolve this issue. The identifier of the patch is e8f1e5131535b8fd80a7b1b3085d676295fdcd41. Upgrading the affected component is recommended.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-3816"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-404"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-09T11:16:06Z",
    "severity": "MODERATE"
  },
  "details": "A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function input_zip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.56.0 is able to resolve this issue. The identifier of the patch is e8f1e5131535b8fd80a7b1b3085d676295fdcd41. Upgrading the affected component is recommended.",
  "id": "GHSA-22w8-2mrr-vh7h",
  "modified": "2026-03-09T12:31:39Z",
  "published": "2026-03-09T12:31:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3816"
    },
    {
      "type": "WEB",
      "url": "https://github.com/DefectDojo/django-DefectDojo/pull/14408"
    },
    {
      "type": "WEB",
      "url": "https://github.com/DefectDojo/django-DefectDojo/commit/e8f1e5131535b8fd80a7b1b3085d676295fdcd41"
    },
    {
      "type": "WEB",
      "url": "https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.56.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/henrrrychau/cve-bug-bounty/blob/main/dfdj_zip_bomb_dos_oom/dfdj_zip_bomb_dos_oom.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/henrrrychau/cve-bug-bounty/blob/main/dfdj_zip_bomb_dos_oom/dfdj_zip_bomb_dos_oom.md#supporting-materialreferences"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.349782"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.349782"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.769524"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-237M-4VQC-855X

Vulnerability from github – Published: 2026-03-25 18:31 – Updated: 2026-03-25 18:31
VLAI
Details

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when processing certain webhook configuration inputs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-13078"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T17:16:26Z",
    "severity": "MODERATE"
  },
  "details": "GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.10 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to cause a denial of service due to excessive resource consumption when processing certain webhook configuration inputs.",
  "id": "GHSA-237m-4vqc-855x",
  "modified": "2026-03-25T18:31:48Z",
  "published": "2026-03-25T18:31:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13078"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/3413704"
    },
    {
      "type": "WEB",
      "url": "https://about.gitlab.com/releases/2026/03/25/patch-release-gitlab-18-10-1-released"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/580488"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-278X-6VG6-6G42

Vulnerability from github – Published: 2022-05-01 23:49 – Updated: 2025-01-17 18:31
VLAI
Details

src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2008-2374"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-07-07T23:41:00Z",
    "severity": "HIGH"
  },
  "details": "src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a crafted length field that triggers excessive memory allocation or a buffer over-read.",
  "id": "GHSA-278x-6vg6-6g42",
  "modified": "2025-01-17T18:31:08Z",
  "published": "2022-05-01T23:49:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2374"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9973"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:9973"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00396.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00233.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/30957"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31057"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31833"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32099"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32279"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34280"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200903-29.xml"
    },
    {
      "type": "WEB",
      "url": "http://sourceforge.net/mailarchive/message.php?msg_name=b32d44000806161327u680c290au54fd21f2fef1d58e%40mail.gmail.com"
    },
    {
      "type": "WEB",
      "url": "http://sourceforge.net/mailarchive/message.php?msg_name=b32d44000806161327u680c290au54fd21f2fef1d58e@mail.gmail.com"
    },
    {
      "type": "WEB",
      "url": "http://www.bluez.org/bluez-334"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:145"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0581.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/30105"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1020479"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2096/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-27XM-CJ78-CXMR

Vulnerability from github – Published: 2026-02-17 18:32 – Updated: 2026-02-18 21:31
VLAI
Details

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-13867"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-17T18:20:28Z",
    "severity": "MODERATE"
  },
  "details": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through\u00a011.5.9 and\u00a012.1.0 through\u00a012.1.3\u00a0could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic",
  "id": "GHSA-27xm-cj78-cxmr",
  "modified": "2026-02-18T21:31:22Z",
  "published": "2026-02-17T18:32:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13867"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7259963"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-28JG-WMV9-MFGW

Vulnerability from github – Published: 2023-05-16 00:30 – Updated: 2024-04-04 04:10
VLAI
Details

In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767870; Issue ID: ALPS07767870.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20705"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-15T22:15:10Z",
    "severity": "MODERATE"
  },
  "details": "In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767870; Issue ID: ALPS07767870.",
  "id": "GHSA-28jg-wmv9-mfgw",
  "modified": "2024-04-04T04:10:25Z",
  "published": "2023-05-16T00:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20705"
    },
    {
      "type": "WEB",
      "url": "https://corp.mediatek.com/product-security-bulletin/May-2023"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

No CAPEC attack patterns related to this CWE.