Common Weakness Enumeration

CWE-749

Allowed

Exposed Dangerous Method or Function

Abstraction: Base · Status: Incomplete

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

304 vulnerabilities reference this CWE, most recent first.

CVE-2020-12927 (GCVE-0-2020-12927)

Vulnerability from cvelistv5 – Published: 2020-11-12 19:09 – Updated: 2024-08-04 12:11
VLAI
Summary
A potential vulnerability in a dynamically loaded AMD driver in AMD VBIOS Flash Tool SDK may allow any authenticated user to escalate privileges to NT authority system.
Severity
No CVSS data available.
CWE
  • CWE-749 - Exposed Dangerous Method or Function
Assigner
AMD
References
Impacted products
Vendor Product Version
n/a AMD VBIOS Flash Tool SDK Affected: Mitigated in version 3.12
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:11:18.785Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AMD VBIOS Flash Tool SDK",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Mitigated in version 3.12"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A potential vulnerability in a dynamically loaded AMD driver in AMD VBIOS Flash Tool SDK may allow any authenticated user to escalate privileges to NT authority system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-749",
              "description": "CWE-749: Exposed Dangerous Method or Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-12T19:09:46.000Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.amd.com/en/corporate/product-security"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@amd.com",
          "ID": "CVE-2020-12927",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "AMD VBIOS Flash Tool SDK",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Mitigated in version 3.12"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A potential vulnerability in a dynamically loaded AMD driver in AMD VBIOS Flash Tool SDK may allow any authenticated user to escalate privileges to NT authority system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-749: Exposed Dangerous Method or Function"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.amd.com/en/corporate/product-security",
              "refsource": "MISC",
              "url": "https://www.amd.com/en/corporate/product-security"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2020-12927",
    "datePublished": "2020-11-12T19:09:46.000Z",
    "dateReserved": "2020-05-15T00:00:00.000Z",
    "dateUpdated": "2024-08-04T12:11:18.785Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-12912 (GCVE-0-2020-12912)

Vulnerability from cvelistv5 – Published: 2020-11-12 19:08 – Updated: 2024-08-04 12:11
VLAI
Summary
A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access.
Severity
No CVSS data available.
CWE
  • CWE-749 - Exposed Dangerous Method or Function
Assigner
AMD
References
Impacted products
Vendor Product Version
n/a AMD extension to Linux "hwmon" for Zen1 platforms Affected: Each Linux distro determines its own version.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:11:18.792Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AMD extension to Linux \"hwmon\" for Zen1 platforms",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Each Linux distro determines its own version."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A potential vulnerability in the AMD extension to Linux \"hwmon\" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-749",
              "description": "CWE-749: Exposed Dangerous Method or Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-12T19:08:57.000Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.amd.com/en/corporate/product-security"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@amd.com",
          "ID": "CVE-2020-12912",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "AMD extension to Linux \"hwmon\" for Zen1 platforms",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Each Linux distro determines its own version."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A potential vulnerability in the AMD extension to Linux \"hwmon\" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-749: Exposed Dangerous Method or Function"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.amd.com/en/corporate/product-security",
              "refsource": "MISC",
              "url": "https://www.amd.com/en/corporate/product-security"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2020-12912",
    "datePublished": "2020-11-12T19:08:57.000Z",
    "dateReserved": "2020-05-15T00:00:00.000Z",
    "dateUpdated": "2024-08-04T12:11:18.792Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-10268 (GCVE-0-2020-10268)

Vulnerability from cvelistv5 – Published: 2020-06-16 17:55 – Updated: 2024-09-16 18:59
VLAI
Title
RVD#2550: Terminate Critical Services in KUKA controller KR C4
Summary
Critical services for operation can be terminated from windows task manager, bringing the manipulator to a halt. After this a Re-Calibration of the brakes needs to be performed. Be noted that this only can be accomplished either by a Kuka technician or by Kuka issued calibration hardware that interfaces with the manipulator furthering the delay and increasing operational costs.
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Date Public
2020-06-16 00:00
Credits
Alias Robotics (group, https://aliasrobotics.com)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:58:40.108Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/aliasrobotics/RVD/issues/2550"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "KR3R540, KRC4, KSS8.5.7HF1, Win7_Embedded",
          "vendor": "KUKA Roboter GmbH",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Alias Robotics (group, https://aliasrobotics.com)"
        }
      ],
      "datePublic": "2020-06-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Critical services for operation can be terminated from windows task manager, bringing the manipulator to a halt. After this a Re-Calibration of the brakes needs to be performed. Be noted that this only can be accomplished either by a Kuka technician or by Kuka issued calibration hardware that interfaces with the manipulator furthering the delay and increasing operational costs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-749",
              "description": "CWE-749",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-16T17:55:11.000Z",
        "orgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
        "shortName": "Alias"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/aliasrobotics/RVD/issues/2550"
        }
      ],
      "source": {
        "defect": [
          "RVD#2550"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "RVD#2550: Terminate Critical Services in KUKA controller KR C4",
      "x_ConverterErrors": {
        "cvssV3_0": {
          "error": "CVSSV3_0 data from v4 record is invalid",
          "message": "Malformed CVSS3 vector, trailing \"/\""
        }
      },
      "x_generator": {
        "engine": "Robot Vulnerability Database (RVD)"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@aliasrobotics.com",
          "DATE_PUBLIC": "2020-06-16T17:49:11 +00:00",
          "ID": "CVE-2020-10268",
          "STATE": "PUBLIC",
          "TITLE": "RVD#2550: Terminate Critical Services in KUKA controller KR C4"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "KR3R540, KRC4, KSS8.5.7HF1, Win7_Embedded",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "KUKA Roboter GmbH"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Alias Robotics (group, https://aliasrobotics.com)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Critical services for operation can be terminated from windows task manager, bringing the manipulator to a halt. After this a Re-Calibration of the brakes needs to be performed. Be noted that this only can be accomplished either by a Kuka technician or by Kuka issued calibration hardware that interfaces with the manipulator furthering the delay and increasing operational costs."
            }
          ]
        },
        "generator": {
          "engine": "Robot Vulnerability Database (RVD)"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "medium",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-749"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/aliasrobotics/RVD/issues/2550",
              "refsource": "CONFIRM",
              "url": "https://github.com/aliasrobotics/RVD/issues/2550"
            }
          ]
        },
        "source": {
          "defect": [
            "RVD#2550"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
    "assignerShortName": "Alias",
    "cveId": "CVE-2020-10268",
    "datePublished": "2020-06-16T17:55:11.700Z",
    "dateReserved": "2020-03-10T00:00:00.000Z",
    "dateUpdated": "2024-09-16T18:59:43.071Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-8212 (GCVE-0-2020-8212)

Vulnerability from cvelistv5 – Published: 2020-08-17 15:40 – Updated: 2024-08-04 09:56
VLAI
Summary
Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality.
Severity
No CVSS data available.
CWE
  • CWE-749 - Exposed Dangerous Method or Function (CWE-749)
Assigner
References
Impacted products
Vendor Product Version
n/a Citrix XenMobile Server Affected: Citrix XenMobile Server 10.12 RP3, Citrix XenMobile Server 10.11 RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:27.536Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX277457"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Citrix XenMobile Server",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Citrix XenMobile Server 10.12 RP3, Citrix XenMobile Server 10.11 RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-749",
              "description": "Exposed Dangerous Method or Function (CWE-749)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-17T15:40:35.000Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.citrix.com/article/CTX277457"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8212",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Citrix XenMobile Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Citrix XenMobile Server 10.12 RP3, Citrix XenMobile Server 10.11 RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Exposed Dangerous Method or Function (CWE-749)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.citrix.com/article/CTX277457",
              "refsource": "MISC",
              "url": "https://support.citrix.com/article/CTX277457"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8212",
    "datePublished": "2020-08-17T15:40:35.000Z",
    "dateReserved": "2020-01-28T00:00:00.000Z",
    "dateUpdated": "2024-08-04T09:56:27.536Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-3513 (GCVE-0-2020-3513)

Vulnerability from cvelistv5 – Published: 2020-09-24 17:51 – Updated: 2024-11-13 18:00
VLAI
Title
Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities
Summary
Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
Impacted products
Date Public
2020-09-24 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:37:54.658Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200924 Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-rsp3-rce-jVHg8Z7c"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3513",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T17:17:50.534759Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T18:00:59.732Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XE Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-09-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-749",
              "description": "CWE-749",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-24T17:51:31.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200924 Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-rsp3-rce-jVHg8Z7c"
        }
      ],
      "source": {
        "advisory": "cisco-sa-iosxe-rsp3-rce-jVHg8Z7c",
        "defect": [
          [
            "CSCvr69196",
            "CSCvs62410"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-09-24T16:00:00",
          "ID": "CVE-2020-3513",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS XE Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.7",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-749"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200924 Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-rsp3-rce-jVHg8Z7c"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-iosxe-rsp3-rce-jVHg8Z7c",
          "defect": [
            [
              "CSCvr69196",
              "CSCvs62410"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3513",
    "datePublished": "2020-09-24T17:51:31.108Z",
    "dateReserved": "2019-12-12T00:00:00.000Z",
    "dateUpdated": "2024-11-13T18:00:59.732Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-3416 (GCVE-0-2020-3416)

Vulnerability from cvelistv5 – Published: 2020-09-24 18:01 – Updated: 2024-11-13 17:55
VLAI
Title
Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities
Summary
Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
Impacted products
Date Public
2020-09-24 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:30:58.670Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200924 Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-rsp3-rce-jVHg8Z7c"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3416",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-13T17:17:44.728512Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-13T17:55:48.060Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XE Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-09-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-749",
              "description": "CWE-749",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-24T18:01:46.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200924 Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-rsp3-rce-jVHg8Z7c"
        }
      ],
      "source": {
        "advisory": "cisco-sa-iosxe-rsp3-rce-jVHg8Z7c",
        "defect": [
          [
            "CSCvr69196",
            "CSCvs62410"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-09-24T16:00:00",
          "ID": "CVE-2020-3416",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS XE Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.7",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-749"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200924 Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-rsp3-rce-jVHg8Z7c"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-iosxe-rsp3-rce-jVHg8Z7c",
          "defect": [
            [
              "CSCvr69196",
              "CSCvs62410"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3416",
    "datePublished": "2020-09-24T18:01:46.479Z",
    "dateReserved": "2019-12-12T00:00:00.000Z",
    "dateUpdated": "2024-11-13T17:55:48.060Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-2503 (GCVE-0-2020-2503)

Vulnerability from cvelistv5 – Published: 2020-12-24 01:39 – Updated: 2024-09-17 03:07
VLAI
Title
Stored cross-site scripting vulnerability in QES
Summary
If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.
CWE
  • CWE-79 - Cross-site Scripting (XSS)
  • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
  • CWE-749 - Exposed Dangerous Method or Function
Assigner
References
Impacted products
Vendor Product Version
QNAP Systems Inc. QES Affected: unspecified , < 2.1.1 (custom)
Create a notification for this product.
Date Public
2020-12-23 00:00
Credits
TIM Security Red Team Research
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:09:54.672Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-17"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "build 20201006"
          ],
          "product": "QES",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "2.1.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "TIM Security Red Team Research"
        }
      ],
      "datePublic": "2020-12-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-80",
              "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-749",
              "description": "CWE-749 Exposed Dangerous Method or Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-31T16:33:28.000Z",
        "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "shortName": "qnap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-17"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later."
        }
      ],
      "source": {
        "advisory": "QSA-20-17",
        "discovery": "EXTERNAL"
      },
      "title": "Stored cross-site scripting vulnerability in QES",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@qnap.com",
          "DATE_PUBLIC": "2020-12-23T05:49:00.000Z",
          "ID": "CVE-2020-2503",
          "STATE": "PUBLIC",
          "TITLE": "Stored cross-site scripting vulnerability in QES"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "QES",
                      "version": {
                        "version_data": [
                          {
                            "platform": "build 20201006",
                            "version_affected": "\u003c",
                            "version_value": "2.1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "QNAP Systems Inc."
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "TIM Security Red Team Research"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-749 Exposed Dangerous Method or Function"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-17",
              "refsource": "MISC",
              "url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-17"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later."
          }
        ],
        "source": {
          "advisory": "QSA-20-17",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
    "assignerShortName": "qnap",
    "cveId": "CVE-2020-2503",
    "datePublished": "2020-12-24T01:39:08.389Z",
    "dateReserved": "2019-12-09T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:07:20.826Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-20923 (GCVE-0-2019-20923)

Vulnerability from cvelistv5 – Published: 2020-11-23 15:30 – Updated: 2024-09-16 17:03
VLAI
Title
Crash while handling internal Javascript exception types
Summary
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects MongoDB Server v4.0 versions prior to 4.0.7.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-749 - Exposed Dangerous Method or Function
Assigner
References
URL Tags
https://jira.mongodb.org/browse/SERVER-39481 x_refsource_CONFIRM
Impacted products
Vendor Product Version
MongoDB Inc. MongoDB Server Affected: 4.0 , < 4.0.7 (custom)
Create a notification for this product.
mongodb mongodb_server Affected: 4.0
    cpe:2.3:a:mongodb:mongodb_server:4.0:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2020-11-30 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:mongodb:mongodb_server:4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "mongodb_server",
            "vendor": "mongodb",
            "versions": [
              {
                "status": "affected",
                "version": "4.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-20923",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-22T17:28:47.037349Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-15T17:19:26.516Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:00:19.094Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://jira.mongodb.org/browse/SERVER-39481"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MongoDB Server",
          "vendor": "MongoDB Inc.",
          "versions": [
            {
              "lessThan": "4.0.7",
              "status": "affected",
              "version": "4.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-11-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine\u0027s internals. This issue affects MongoDB Server v4.0 versions prior to 4.0.7.\u003c/p\u003e"
            }
          ],
          "value": "A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine\u0027s internals. This issue affects MongoDB Server v4.0 versions prior to 4.0.7."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-749",
              "description": "CWE-749 Exposed Dangerous Method or Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-23T15:01:36.205Z",
        "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
        "shortName": "mongodb"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://jira.mongodb.org/browse/SERVER-39481"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Crash while handling internal Javascript exception types",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@mongodb.com",
          "DATE_PUBLIC": "2020-11-30T14:00:00.000Z",
          "ID": "CVE-2019-20923",
          "STATE": "PUBLIC",
          "TITLE": "Crash while handling internal Javascript exception types"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MongoDB Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "4.0",
                            "version_value": "4.0.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "MongoDB Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine\u0027s internals. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.7."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-749 Exposed Dangerous Method or Function"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jira.mongodb.org/browse/SERVER-39481",
              "refsource": "CONFIRM",
              "url": "https://jira.mongodb.org/browse/SERVER-39481"
            }
          ]
        },
        "source": {
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
    "assignerShortName": "mongodb",
    "cveId": "CVE-2019-20923",
    "datePublished": "2020-11-23T15:30:20.507Z",
    "dateReserved": "2020-10-06T00:00:00.000Z",
    "dateUpdated": "2024-09-16T17:03:47.113Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-18342 (GCVE-0-2019-18342)

Vulnerability from cvelistv5 – Published: 2019-12-12 19:08 – Updated: 2024-08-05 01:54
VLAI
Summary
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker with network access to the CCS server could exploit this vulnerability to read or delete arbitrary files, or access other resources on the same server.
CWE
  • CWE-749 - Exposed Dangerous Method or Function
Assigner
References
Impacted products
Vendor Product Version
Siemens Control Center Server (CCS) Affected: All versions < V1.5.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:54:13.423Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Control Center Server (CCS)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V1.5.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions \u003c V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server\n(CCS) does not properly limit its capabilities to the specified purpose.\n\nIn conjunction with CVE-2019-18341, an unauthenticated remote attacker with\nnetwork access to the CCS server could exploit this vulnerability\nto read or delete arbitrary files, or access other resources on the same\nserver."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-749",
              "description": "CWE-749: Exposed Dangerous Method or Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-09T09:56:17.087Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2019-18342",
    "datePublished": "2019-12-12T19:08:49.000Z",
    "dateReserved": "2019-10-23T00:00:00.000Z",
    "dateUpdated": "2024-08-05T01:54:13.423Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-13945 (GCVE-0-2019-13945)

Vulnerability from cvelistv5 – Published: 2019-12-12 13:19 – Updated: 2024-08-05 00:05
VLAI
Summary
A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All versions with Function State (FS) < 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 11), SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 12), SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of the affected devices that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process.
Severity
No CVSS data available.
CWE
  • CWE-749 - Exposed Dangerous Method or Function
Assigner
References
Impacted products
Vendor Product Version
Siemens AG SIMATIC S7-1200 CPU family (incl. SIPLUS variants) Affected: All versions
Create a notification for this product.
Siemens AG SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) Affected: All versions
Create a notification for this product.
Siemens AG SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) Affected: All versions with Function State (FS) < 11
Create a notification for this product.
Siemens AG SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) Affected: All versions <= V2.3.0 and Function State (FS) <= 3
Create a notification for this product.
Siemens AG SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) Affected: All versions <= V2.3.0 and Function State (FS) <= 3
Create a notification for this product.
Siemens AG SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) Affected: All versions <= V2.2.2 and Function State (FS) <= 8
Create a notification for this product.
Siemens AG SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) Affected: All versions <= V2.3.0 and Function State (FS) <= 3
Create a notification for this product.
Siemens AG SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) Affected: All versions <= V2.2.2 and Function State (FS) <= 10
Create a notification for this product.
Siemens AG SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) Affected: All versions <= V2.3.0 and Function State (FS) <= 3
Create a notification for this product.
Siemens AG SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) Affected: All versions <= V2.5.0 and Function State (FS) <= 11
Create a notification for this product.
Siemens AG SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) Affected: All versions <= V2.5.0 and Function State (FS) <= 10
Create a notification for this product.
Siemens AG SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) Affected: All versions <= V2.5.0 and Function State (FS) <= 10
Create a notification for this product.
Siemens AG SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) Affected: All versions <= V2.5.0 and Function State (FS) <= 12
Create a notification for this product.
Siemens AG SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) Affected: All versions <= V2.5.0 and Function State (FS) <= 9
Create a notification for this product.
Siemens AG SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) Affected: All versions <= V2.5.0 and Function State (FS) <= 9
Create a notification for this product.
Siemens AG SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) Affected: All versions <= V2.5.0 and Function State (FS) <= 8
Create a notification for this product.
Siemens AG SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) Affected: All versions <= V2.5.0 and Function State (FS) <= 8
Create a notification for this product.
Siemens AG SIMATIC S7-200 SMART CPU family Affected: All versions
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:05:44.067Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC S7-1200 CPU family \u003c V4.x (incl. SIPLUS variants)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        },
        {
          "product": "SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions with Function State (FS) \u003c 11"
            }
          ]
        },
        {
          "product": "SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3"
            }
          ]
        },
        {
          "product": "SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3"
            }
          ]
        },
        {
          "product": "SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c= V2.2.2 and Function State (FS) \u003c= 8"
            }
          ]
        },
        {
          "product": "SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3"
            }
          ]
        },
        {
          "product": "SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c= V2.2.2 and Function State (FS) \u003c= 10"
            }
          ]
        },
        {
          "product": "SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3"
            }
          ]
        },
        {
          "product": "SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 11"
            }
          ]
        },
        {
          "product": "SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 10"
            }
          ]
        },
        {
          "product": "SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 10"
            }
          ]
        },
        {
          "product": "SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 12"
            }
          ]
        },
        {
          "product": "SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 9"
            }
          ]
        },
        {
          "product": "SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 9"
            }
          ]
        },
        {
          "product": "SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 8"
            }
          ]
        },
        {
          "product": "SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0)",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 8"
            }
          ]
        },
        {
          "product": "SIMATIC S7-200 SMART CPU family",
          "vendor": "Siemens AG",
          "versions": [
            {
              "status": "affected",
              "version": "All versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family \u003c V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All versions with Function State (FS) \u003c 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3), SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) (All versions \u003c= V2.2.2 and Function State (FS) \u003c= 8), SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) (All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3), SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) (All versions \u003c= V2.2.2 and Function State (FS) \u003c= 10), SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) (All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3), SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 11), SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 10), SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 10), SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 12), SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 9), SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 9), SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 8), SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 8), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of the affected devices that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-749",
              "description": "CWE-749: Exposed Dangerous Method or Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-14T13:18:04.000Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2019-13945",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-1200 CPU family \u003c V4.x (incl. SIPLUS variants)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions with Function State (FS) \u003c 11"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c= V2.2.2 and Function State (FS) \u003c= 8"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c= V2.2.2 and Function State (FS) \u003c= 10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 11"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 10"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 12"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 9"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 9"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 8"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 8"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SIMATIC S7-200 SMART CPU family",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens AG"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family \u003c V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All versions with Function State (FS) \u003c 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3), SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) (All versions \u003c= V2.2.2 and Function State (FS) \u003c= 8), SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) (All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3), SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) (All versions \u003c= V2.2.2 and Function State (FS) \u003c= 10), SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) (All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3), SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 11), SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 10), SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 10), SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 12), SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 9), SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 9), SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 8), SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 8), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of the affected devices that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-749: Exposed Dangerous Method or Function"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2019-13945",
    "datePublished": "2019-12-12T13:19:51.000Z",
    "dateReserved": "2019-07-18T00:00:00.000Z",
    "dateUpdated": "2024-08-05T00:05:44.067Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

If you must expose a method, make sure to perform input validation on all arguments, limit access to authorized parties, and protect against all possible vulnerabilities.

Mitigation
Architecture and Design Implementation

Strategy: Attack Surface Reduction

  • Identify all exposed functionality. Explicitly list all functionality that must be exposed to some user or set of users. Identify which functionality may be:
  • Ensure that the implemented code follows these expectations. This includes setting the appropriate access modifiers where applicable (public, private, protected, etc.) or not marking ActiveX controls safe-for-scripting.
  • accessible to all users
  • restricted to a small set of privileged users
  • prevented from being directly accessible at all
CAPEC-500: WebView Injection

An adversary, through a previously installed malicious application, injects code into the context of a web page displayed by a WebView component. Through the injected code, an adversary is able to manipulate the DOM tree and cookies of the page, expose sensitive information, and can launch attacks against the web application from within the web page.