CWE-749
AllowedExposed Dangerous Method or Function
Abstraction: Base · Status: Incomplete
The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
304 vulnerabilities reference this CWE, most recent first.
CVE-2020-12927 (GCVE-0-2020-12927)
Vulnerability from cvelistv5 – Published: 2020-11-12 19:09 – Updated: 2024-08-04 12:11- CWE-749 - Exposed Dangerous Method or Function
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | AMD VBIOS Flash Tool SDK |
Affected:
Mitigated in version 3.12
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:18.785Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AMD VBIOS Flash Tool SDK",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Mitigated in version 3.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential vulnerability in a dynamically loaded AMD driver in AMD VBIOS Flash Tool SDK may allow any authenticated user to escalate privileges to NT authority system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-12T19:09:46.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"ID": "CVE-2020-12927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AMD VBIOS Flash Tool SDK",
"version": {
"version_data": [
{
"version_value": "Mitigated in version 3.12"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential vulnerability in a dynamically loaded AMD driver in AMD VBIOS Flash Tool SDK may allow any authenticated user to escalate privileges to NT authority system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-749: Exposed Dangerous Method or Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2020-12927",
"datePublished": "2020-11-12T19:09:46.000Z",
"dateReserved": "2020-05-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:11:18.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12912 (GCVE-0-2020-12912)
Vulnerability from cvelistv5 – Published: 2020-11-12 19:08 – Updated: 2024-08-04 12:11- CWE-749 - Exposed Dangerous Method or Function
| URL | Tags |
|---|---|
| https://www.amd.com/en/corporate/product-security | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | AMD extension to Linux "hwmon" for Zen1 platforms |
Affected:
Each Linux distro determines its own version.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:11:18.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.amd.com/en/corporate/product-security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AMD extension to Linux \"hwmon\" for Zen1 platforms",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Each Linux distro determines its own version."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential vulnerability in the AMD extension to Linux \"hwmon\" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-12T19:08:57.000Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.amd.com/en/corporate/product-security"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@amd.com",
"ID": "CVE-2020-12912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AMD extension to Linux \"hwmon\" for Zen1 platforms",
"version": {
"version_data": [
{
"version_value": "Each Linux distro determines its own version."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential vulnerability in the AMD extension to Linux \"hwmon\" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-749: Exposed Dangerous Method or Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.amd.com/en/corporate/product-security",
"refsource": "MISC",
"url": "https://www.amd.com/en/corporate/product-security"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2020-12912",
"datePublished": "2020-11-12T19:08:57.000Z",
"dateReserved": "2020-05-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:11:18.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10268 (GCVE-0-2020-10268)
Vulnerability from cvelistv5 – Published: 2020-06-16 17:55 – Updated: 2024-09-16 18:59| URL | Tags |
|---|---|
| https://github.com/aliasrobotics/RVD/issues/2550 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| KUKA Roboter GmbH | KR3R540, KRC4, KSS8.5.7HF1, Win7_Embedded |
Affected:
unspecified
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:58:40.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/aliasrobotics/RVD/issues/2550"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "KR3R540, KRC4, KSS8.5.7HF1, Win7_Embedded",
"vendor": "KUKA Roboter GmbH",
"versions": [
{
"status": "affected",
"version": "unspecified"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Alias Robotics (group, https://aliasrobotics.com)"
}
],
"datePublic": "2020-06-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Critical services for operation can be terminated from windows task manager, bringing the manipulator to a halt. After this a Re-Calibration of the brakes needs to be performed. Be noted that this only can be accomplished either by a Kuka technician or by Kuka issued calibration hardware that interfaces with the manipulator furthering the delay and increasing operational costs."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-16T17:55:11.000Z",
"orgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
"shortName": "Alias"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/aliasrobotics/RVD/issues/2550"
}
],
"source": {
"defect": [
"RVD#2550"
],
"discovery": "EXTERNAL"
},
"title": "RVD#2550: Terminate Critical Services in KUKA controller KR C4",
"x_ConverterErrors": {
"cvssV3_0": {
"error": "CVSSV3_0 data from v4 record is invalid",
"message": "Malformed CVSS3 vector, trailing \"/\""
}
},
"x_generator": {
"engine": "Robot Vulnerability Database (RVD)"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@aliasrobotics.com",
"DATE_PUBLIC": "2020-06-16T17:49:11 +00:00",
"ID": "CVE-2020-10268",
"STATE": "PUBLIC",
"TITLE": "RVD#2550: Terminate Critical Services in KUKA controller KR C4"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "KR3R540, KRC4, KSS8.5.7HF1, Win7_Embedded",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "KUKA Roboter GmbH"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Alias Robotics (group, https://aliasrobotics.com)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Critical services for operation can be terminated from windows task manager, bringing the manipulator to a halt. After this a Re-Calibration of the brakes needs to be performed. Be noted that this only can be accomplished either by a Kuka technician or by Kuka issued calibration hardware that interfaces with the manipulator furthering the delay and increasing operational costs."
}
]
},
"generator": {
"engine": "Robot Vulnerability Database (RVD)"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "medium",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H/",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-749"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/aliasrobotics/RVD/issues/2550",
"refsource": "CONFIRM",
"url": "https://github.com/aliasrobotics/RVD/issues/2550"
}
]
},
"source": {
"defect": [
"RVD#2550"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dc524f69-879d-41dc-ab8f-724e78658a1a",
"assignerShortName": "Alias",
"cveId": "CVE-2020-10268",
"datePublished": "2020-06-16T17:55:11.700Z",
"dateReserved": "2020-03-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:59:43.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8212 (GCVE-0-2020-8212)
Vulnerability from cvelistv5 – Published: 2020-08-17 15:40 – Updated: 2024-08-04 09:56- CWE-749 - Exposed Dangerous Method or Function (CWE-749)
| URL | Tags |
|---|---|
| https://support.citrix.com/article/CTX277457 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Citrix XenMobile Server |
Affected:
Citrix XenMobile Server 10.12 RP3, Citrix XenMobile Server 10.11 RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:56:27.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX277457"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Citrix XenMobile Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Citrix XenMobile Server 10.12 RP3, Citrix XenMobile Server 10.11 RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "Exposed Dangerous Method or Function (CWE-749)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-17T15:40:35.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.citrix.com/article/CTX277457"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Citrix XenMobile Server",
"version": {
"version_data": [
{
"version_value": "Citrix XenMobile Server 10.12 RP3, Citrix XenMobile Server 10.11 RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposed Dangerous Method or Function (CWE-749)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX277457",
"refsource": "MISC",
"url": "https://support.citrix.com/article/CTX277457"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8212",
"datePublished": "2020-08-17T15:40:35.000Z",
"dateReserved": "2020-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:56:27.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3513 (GCVE-0-2020-3513)
Vulnerability from cvelistv5 – Published: 2020-09-24 17:51 – Updated: 2024-11-13 18:00| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/C… | vendor-advisoryx_refsource_CISCO |
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco IOS XE Software |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:37:54.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200924 Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-rsp3-rce-jVHg8Z7c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3513",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T17:17:50.534759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T18:00:59.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-24T17:51:31.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200924 Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-rsp3-rce-jVHg8Z7c"
}
],
"source": {
"advisory": "cisco-sa-iosxe-rsp3-rce-jVHg8Z7c",
"defect": [
[
"CSCvr69196",
"CSCvs62410"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-09-24T16:00:00",
"ID": "CVE-2020-3513",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XE Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.7",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-749"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200924 Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-rsp3-rce-jVHg8Z7c"
}
]
},
"source": {
"advisory": "cisco-sa-iosxe-rsp3-rce-jVHg8Z7c",
"defect": [
[
"CSCvr69196",
"CSCvs62410"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3513",
"datePublished": "2020-09-24T17:51:31.108Z",
"dateReserved": "2019-12-12T00:00:00.000Z",
"dateUpdated": "2024-11-13T18:00:59.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3416 (GCVE-0-2020-3416)
Vulnerability from cvelistv5 – Published: 2020-09-24 18:01 – Updated: 2024-11-13 17:55| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/C… | vendor-advisoryx_refsource_CISCO |
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco IOS XE Software |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:30:58.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20200924 Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-rsp3-rce-jVHg8Z7c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-3416",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T17:17:44.728512Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T17:55:48.060Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-09-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-24T18:01:46.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20200924 Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-rsp3-rce-jVHg8Z7c"
}
],
"source": {
"advisory": "cisco-sa-iosxe-rsp3-rce-jVHg8Z7c",
"defect": [
[
"CSCvr69196",
"CSCvs62410"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2020-09-24T16:00:00",
"ID": "CVE-2020-3416",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XE Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.7",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-749"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20200924 Cisco IOS XE Software for Cisco ASR 900 Series Route Switch Processor 3 Arbitrary Code Execution Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-rsp3-rce-jVHg8Z7c"
}
]
},
"source": {
"advisory": "cisco-sa-iosxe-rsp3-rce-jVHg8Z7c",
"defect": [
[
"CSCvr69196",
"CSCvs62410"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2020-3416",
"datePublished": "2020-09-24T18:01:46.479Z",
"dateReserved": "2019-12-12T00:00:00.000Z",
"dateUpdated": "2024-11-13T17:55:48.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-2503 (GCVE-0-2020-2503)
Vulnerability from cvelistv5 – Published: 2020-12-24 01:39 – Updated: 2024-09-17 03:07| URL | Tags |
|---|---|
| https://www.qnap.com/zh-tw/security-advisory/qsa-20-17 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| QNAP Systems Inc. | QES |
Affected:
unspecified , < 2.1.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:09:54.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-17"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"build 20201006"
],
"product": "QES",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "2.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "TIM Security Red Team Research"
}
],
"datePublic": "2020-12-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749 Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-31T16:33:28.000Z",
"orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"shortName": "qnap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-17"
}
],
"solutions": [
{
"lang": "en",
"value": "QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later."
}
],
"source": {
"advisory": "QSA-20-17",
"discovery": "EXTERNAL"
},
"title": "Stored cross-site scripting vulnerability in QES",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2020-12-23T05:49:00.000Z",
"ID": "CVE-2020-2503",
"STATE": "PUBLIC",
"TITLE": "Stored cross-site scripting vulnerability in QES"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QES",
"version": {
"version_data": [
{
"platform": "build 20201006",
"version_affected": "\u003c",
"version_value": "2.1.1"
}
]
}
}
]
},
"vendor_name": "QNAP Systems Inc."
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "TIM Security Red Team Research"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-749 Exposed Dangerous Method or Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-17",
"refsource": "MISC",
"url": "https://www.qnap.com/zh-tw/security-advisory/qsa-20-17"
}
]
},
"solution": [
{
"lang": "en",
"value": "QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later."
}
],
"source": {
"advisory": "QSA-20-17",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
"assignerShortName": "qnap",
"cveId": "CVE-2020-2503",
"datePublished": "2020-12-24T01:39:08.389Z",
"dateReserved": "2019-12-09T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:07:20.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20923 (GCVE-0-2019-20923)
Vulnerability from cvelistv5 – Published: 2020-11-23 15:30 – Updated: 2024-09-16 17:03- CWE-749 - Exposed Dangerous Method or Function
| URL | Tags |
|---|---|
| https://jira.mongodb.org/browse/SERVER-39481 | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| MongoDB Inc. | MongoDB Server |
Affected:
4.0 , < 4.0.7
(custom)
|
|
| mongodb | mongodb_server |
Affected:
4.0
cpe:2.3:a:mongodb:mongodb_server:4.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mongodb:mongodb_server:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mongodb_server",
"vendor": "mongodb",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-20923",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-22T17:28:47.037349Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T17:19:26.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:00:19.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.mongodb.org/browse/SERVER-39481"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MongoDB Server",
"vendor": "MongoDB Inc.",
"versions": [
{
"lessThan": "4.0.7",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-11-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine\u0027s internals. This issue affects MongoDB Server v4.0 versions prior to 4.0.7.\u003c/p\u003e"
}
],
"value": "A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine\u0027s internals. This issue affects MongoDB Server v4.0 versions prior to 4.0.7."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749 Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-23T15:01:36.205Z",
"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"shortName": "mongodb"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.mongodb.org/browse/SERVER-39481"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Crash while handling internal Javascript exception types",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@mongodb.com",
"DATE_PUBLIC": "2020-11-30T14:00:00.000Z",
"ID": "CVE-2019-20923",
"STATE": "PUBLIC",
"TITLE": "Crash while handling internal Javascript exception types"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MongoDB Server",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.0",
"version_value": "4.0.7"
}
]
}
}
]
},
"vendor_name": "MongoDB Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine\u0027s internals. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.7."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-749 Exposed Dangerous Method or Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.mongodb.org/browse/SERVER-39481",
"refsource": "CONFIRM",
"url": "https://jira.mongodb.org/browse/SERVER-39481"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"assignerShortName": "mongodb",
"cveId": "CVE-2019-20923",
"datePublished": "2020-11-23T15:30:20.507Z",
"dateReserved": "2020-10-06T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:03:47.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18342 (GCVE-0-2019-18342)
Vulnerability from cvelistv5 – Published: 2019-12-12 19:08 – Updated: 2024-08-05 01:54- CWE-749 - Exposed Dangerous Method or Function
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | Control Center Server (CCS) |
Affected:
All versions < V1.5.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:13.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Control Center Server (CCS)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Control Center Server (CCS) (All versions \u003c V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server\n(CCS) does not properly limit its capabilities to the specified purpose.\n\nIn conjunction with CVE-2019-18341, an unauthenticated remote attacker with\nnetwork access to the CCS server could exploit this vulnerability\nto read or delete arbitrary files, or access other resources on the same\nserver."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-09T09:56:17.087Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-18342",
"datePublished": "2019-12-12T19:08:49.000Z",
"dateReserved": "2019-10-23T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:54:13.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13945 (GCVE-0-2019-13945)
Vulnerability from cvelistv5 – Published: 2019-12-12 13:19 – Updated: 2024-08-05 00:05- CWE-749 - Exposed Dangerous Method or Function
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:05:44.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC S7-1200 CPU family \u003c V4.x (incl. SIPLUS variants)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions with Function State (FS) \u003c 11"
}
]
},
{
"product": "SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3"
}
]
},
{
"product": "SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3"
}
]
},
{
"product": "SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c= V2.2.2 and Function State (FS) \u003c= 8"
}
]
},
{
"product": "SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3"
}
]
},
{
"product": "SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c= V2.2.2 and Function State (FS) \u003c= 10"
}
]
},
{
"product": "SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3"
}
]
},
{
"product": "SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 11"
}
]
},
{
"product": "SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 10"
}
]
},
{
"product": "SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 10"
}
]
},
{
"product": "SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 12"
}
]
},
{
"product": "SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 9"
}
]
},
{
"product": "SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 9"
}
]
},
{
"product": "SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 8"
}
]
},
{
"product": "SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0)",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 8"
}
]
},
{
"product": "SIMATIC S7-200 SMART CPU family",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family \u003c V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All versions with Function State (FS) \u003c 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3), SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) (All versions \u003c= V2.2.2 and Function State (FS) \u003c= 8), SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) (All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3), SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) (All versions \u003c= V2.2.2 and Function State (FS) \u003c= 10), SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) (All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3), SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 11), SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 10), SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 10), SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 12), SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 9), SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 9), SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 8), SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 8), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of the affected devices that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-14T13:18:04.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-13945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-1200 CPU family \u003c V4.x (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions with Function State (FS) \u003c 11"
}
]
}
},
{
"product_name": "SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3"
}
]
}
},
{
"product_name": "SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3"
}
]
}
},
{
"product_name": "SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c= V2.2.2 and Function State (FS) \u003c= 8"
}
]
}
},
{
"product_name": "SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3"
}
]
}
},
{
"product_name": "SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c= V2.2.2 and Function State (FS) \u003c= 10"
}
]
}
},
{
"product_name": "SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3"
}
]
}
},
{
"product_name": "SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 11"
}
]
}
},
{
"product_name": "SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 10"
}
]
}
},
{
"product_name": "SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 10"
}
]
}
},
{
"product_name": "SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 12"
}
]
}
},
{
"product_name": "SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 9"
}
]
}
},
{
"product_name": "SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 9"
}
]
}
},
{
"product_name": "SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 8"
}
]
}
},
{
"product_name": "SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 8"
}
]
}
},
{
"product_name": "SIMATIC S7-200 SMART CPU family",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family \u003c V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All versions with Function State (FS) \u003c 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3), SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) (All versions \u003c= V2.2.2 and Function State (FS) \u003c= 8), SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) (All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3), SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) (All versions \u003c= V2.2.2 and Function State (FS) \u003c= 10), SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) (All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3), SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 11), SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 10), SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 10), SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 12), SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 9), SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 9), SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 8), SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 8), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of the affected devices that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-749: Exposed Dangerous Method or Function"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-13945",
"datePublished": "2019-12-12T13:19:51.000Z",
"dateReserved": "2019-07-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:05:44.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
If you must expose a method, make sure to perform input validation on all arguments, limit access to authorized parties, and protect against all possible vulnerabilities.
Mitigation
Strategy: Attack Surface Reduction
- Identify all exposed functionality. Explicitly list all functionality that must be exposed to some user or set of users. Identify which functionality may be:
- Ensure that the implemented code follows these expectations. This includes setting the appropriate access modifiers where applicable (public, private, protected, etc.) or not marking ActiveX controls safe-for-scripting.
- accessible to all users
- restricted to a small set of privileged users
- prevented from being directly accessible at all
CAPEC-500: WebView Injection
An adversary, through a previously installed malicious application, injects code into the context of a web page displayed by a WebView component. Through the injected code, an adversary is able to manipulate the DOM tree and cookies of the page, expose sensitive information, and can launch attacks against the web application from within the web page.