CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CVE-2022-24674 (GCVE-0-2022-24674)
Vulnerability from cvelistv5 – Published: 2023-03-28 00:00 – Updated: 2025-02-19 15:37
VLAI
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the privet API. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15834.
Severity
8.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Canon | imageCLASS MF644Cdw |
Affected:
10.02
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:49.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-516/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/canon-laser-printer-and-small-office-multifunctional-printer-measure-against-buffer-overflow/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T15:37:17.104491Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T15:37:21.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "imageCLASS MF644Cdw",
"vendor": "Canon",
"versions": [
{
"status": "affected",
"version": "10.02"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Nicolas Devillers ( @nikaiw ), Jean-Romain Garnier and Raphael Rigo ( @_trou_ )"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the privet API. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15834."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-28T00:00:00.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-516/"
},
{
"url": "https://www.usa.canon.com/internet/portal/us/home/support/product-advisories/detail/canon-laser-printer-and-small-office-multifunctional-printer-measure-against-buffer-overflow/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-24674",
"datePublished": "2023-03-28T00:00:00.000Z",
"dateReserved": "2022-02-08T00:00:00.000Z",
"dateUpdated": "2025-02-19T15:37:21.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2471 (GCVE-0-2022-2471)
Vulnerability from cvelistv5 – Published: 2022-09-15 13:15 – Updated: 2024-09-16 16:57
VLAI
Title
Stack-Based Buffer Overflow Vulnerability in the EZVIZ Motion Detection component
Summary
Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a remote attacker to execute remote code on the device. This issue affects: EZVIZ CS-CV248 versions prior to 5.2.3 build 220725. EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. EZVIZ CS-DB1C-A0-1E2W2FR versions prior to 5.3.0 build 220802. EZVIZ CS-C6N-B0-1G2WF versions prior to 5.3.0 build 220712. EZVIZ CS-C3W-A0-3H4WFRL versions prior to 5.3.5 build 220723.
Severity
9.9 (Critical)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.bitdefender.com/blog/labs/vulnerabili… | x_refsource_MISC |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| EZVIZ | CS-CV248 |
Affected:
unspecified , < 5.2.3 build 220725
(custom)
|
|
| EZVIZ | CS-C6N-A0-1C2WFR |
Affected:
unspecified , < 5.3.0 build 220428
(custom)
|
|
| EZVIZ | CS-DB1C-A0-1E2W2FR |
Affected:
unspecified , < 5.3.0 build 220802
(custom)
|
|
| EZVIZ | CS-C6N-B0-1G2WF |
Affected:
unspecified , < 5.3.0 build 220712
(custom)
|
|
| EZVIZ | CS-C3W-A0-3H4WFRL |
Affected:
unspecified , < 5.3.5 build 220723
(custom)
|
Date Public
2022-09-15 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:07.819Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CS-CV248",
"vendor": "EZVIZ",
"versions": [
{
"lessThan": "5.2.3 build 220725",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "CS-C6N-A0-1C2WFR",
"vendor": "EZVIZ",
"versions": [
{
"lessThan": "5.3.0 build 220428",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "CS-DB1C-A0-1E2W2FR",
"vendor": "EZVIZ",
"versions": [
{
"lessThan": "5.3.0 build 220802",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "CS-C6N-B0-1G2WF",
"vendor": "EZVIZ",
"versions": [
{
"lessThan": "5.3.0 build 220712",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "CS-C3W-A0-3H4WFRL",
"vendor": "EZVIZ",
"versions": [
{
"lessThan": "5.3.5 build 220723",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bitdefender Labs"
}
],
"datePublic": "2022-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a remote attacker to execute remote code on the device. This issue affects: EZVIZ CS-CV248 versions prior to 5.2.3 build 220725. EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. EZVIZ CS-DB1C-A0-1E2W2FR versions prior to 5.3.0 build 220802. EZVIZ CS-C6N-B0-1G2WF versions prior to 5.3.0 build 220712. EZVIZ CS-C3W-A0-3H4WFRL versions prior to 5.3.5 build 220723."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-15T13:15:15.000Z",
"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"shortName": "Bitdefender"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams"
}
],
"solutions": [
{
"lang": "en",
"value": "Firmware versions for each product model that fixes the vulnerability are available below:\n\nEZVIZ CS-CV248 version 5.2.3 build 220725 and newer.\nEZVIZ CS-C6N-A0-1C2WFR version 5.3.0 build 220428 and newer.\nEZVIZ CS-DB1C-A0-1E2W2FR version 5.3.0 build 220802 and newer.\nEZVIZ CS-C6N-B0-1G2WF version 5.3.0 build 220712 and newer.\nEZVIZ CS-C3W-A0-3H4WFRL version 5.3.5 build 220723 and newer."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Stack-Based Buffer Overflow Vulnerability in the EZVIZ Motion Detection component",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-requests@bitdefender.com",
"DATE_PUBLIC": "2022-09-15T01:00:00.000Z",
"ID": "CVE-2022-2471",
"STATE": "PUBLIC",
"TITLE": "Stack-Based Buffer Overflow Vulnerability in the EZVIZ Motion Detection component"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CS-CV248",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.2.3 build 220725"
}
]
}
},
{
"product_name": "CS-C6N-A0-1C2WFR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.0 build 220428"
}
]
}
},
{
"product_name": "CS-DB1C-A0-1E2W2FR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.0 build 220802"
}
]
}
},
{
"product_name": "CS-C6N-B0-1G2WF",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.0 build 220712"
}
]
}
},
{
"product_name": "CS-C3W-A0-3H4WFRL",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.3.5 build 220723"
}
]
}
}
]
},
"vendor_name": "EZVIZ"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Bitdefender Labs"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a remote attacker to execute remote code on the device. This issue affects: EZVIZ CS-CV248 versions prior to 5.2.3 build 220725. EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. EZVIZ CS-DB1C-A0-1E2W2FR versions prior to 5.3.0 build 220802. EZVIZ CS-C6N-B0-1G2WF versions prior to 5.3.0 build 220712. EZVIZ CS-C3W-A0-3H4WFRL versions prior to 5.3.5 build 220723."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams",
"refsource": "MISC",
"url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-ezviz-smart-cams"
}
]
},
"solution": [
{
"lang": "en",
"value": "Firmware versions for each product model that fixes the vulnerability are available below:\n\nEZVIZ CS-CV248 version 5.2.3 build 220725 and newer.\nEZVIZ CS-C6N-A0-1C2WFR version 5.3.0 build 220428 and newer.\nEZVIZ CS-DB1C-A0-1E2W2FR version 5.3.0 build 220802 and newer.\nEZVIZ CS-C6N-B0-1G2WF version 5.3.0 build 220712 and newer.\nEZVIZ CS-C3W-A0-3H4WFRL version 5.3.5 build 220723 and newer."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
"assignerShortName": "Bitdefender",
"cveId": "CVE-2022-2471",
"datePublished": "2022-09-15T13:15:15.916Z",
"dateReserved": "2022-07-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:57:55.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24764 (GCVE-0-2022-24764)
Vulnerability from cvelistv5 – Published: 2022-03-22 00:00 – Updated: 2025-11-04 16:09
VLAI
Title
Stack buffer overflow in pjproject
Summary
PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly call `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()` should not be affected. A patch is available on the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.
Severity
7.5 (High)
CWE
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://github.com/pjsip/pjproject/security/advis… | |
| https://github.com/pjsip/pjproject/commit/560a134… | |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-list |
| https://security.gentoo.org/glsa/202210-37 | vendor-advisory |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-list |
| https://www.debian.org/security/2022/dsa-5285 | vendor-advisory |
| https://lists.debian.org/debian-lts-announce/2023… | mailing-list |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:09:37.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00"
},
{
"name": "[debian-lts-announce] 20220328 [SECURITY] [DLA 2962-1] pjproject security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html"
},
{
"name": "GLSA-202210-37",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-37"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"name": "[debian-lts-announce] 20230829 [SECURITY] [DLA 3549-1] ring security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00030.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24764",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:56:28.954605Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:45:11.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pjproject",
"vendor": "pjsip",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly call `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()` should not be affected. A patch is available on the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-30T00:06:38.960Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m"
},
{
"url": "https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00"
},
{
"name": "[debian-lts-announce] 20220328 [SECURITY] [DLA 2962-1] pjproject security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html"
},
{
"name": "GLSA-202210-37",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-37"
},
{
"name": "[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html"
},
{
"name": "DSA-5285",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5285"
},
{
"name": "[debian-lts-announce] 20230829 [SECURITY] [DLA 3549-1] ring security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html"
}
],
"source": {
"advisory": "GHSA-f5qg-pqcg-765m",
"discovery": "UNKNOWN"
},
"title": "Stack buffer overflow in pjproject"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-24764",
"datePublished": "2022-03-22T00:00:00.000Z",
"dateReserved": "2022-02-10T00:00:00.000Z",
"dateUpdated": "2025-11-04T16:09:37.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-24973 (GCVE-0-2022-24973)
Vulnerability from cvelistv5 – Published: 2023-03-28 00:00 – Updated: 2025-02-19 19:07
VLAI
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13992.
Severity
6.8 (Medium)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
Impacted products
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:29:01.631Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-406/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T19:07:48.300270Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T19:07:59.472Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TL-WR940N",
"vendor": "TP-Link",
"versions": [
{
"status": "affected",
"version": "3.20.1 Build 200316 Rel.34392n (5553)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Vadym Kolisnichenko"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13992."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-28T00:00:00.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-406/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2022-24973",
"datePublished": "2023-03-28T00:00:00.000Z",
"dateReserved": "2022-02-11T00:00:00.000Z",
"dateUpdated": "2025-02-19T19:07:59.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25170 (GCVE-0-2022-25170)
Vulnerability from cvelistv5 – Published: 2022-02-25 18:10 – Updated: 2025-04-16 18:00
VLAI
Title
ICSA-22-055-01 FATEK Automation FvDesigner
Summary
The affected product is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code
Severity
7.8 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsa-2… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| FATEK Automation | FvDesigner |
Affected:
all , ≤ 1.5.100
(custom)
|
Date Public
2022-02-22 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:05.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25170",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T17:31:15.413905Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T18:00:47.051Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "FvDesigner",
"vendor": "FATEK Automation",
"versions": [
{
"lessThanOrEqual": "1.5.100",
"status": "affected",
"version": "all",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Khangkito of VinCSS and xina1i, working with Trend Micro\u2019s Zero Day initiative, reported these vulnerabilities to CISA."
}
],
"datePublic": "2022-02-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The affected product is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-25T18:10:55.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01"
}
],
"solutions": [
{
"lang": "en",
"value": "FATEK has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products are invited to contact FATEK customer support for additional information."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ICSA-22-055-01 FATEK Automation FvDesigner",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2022-02-22T23:08:00.000Z",
"ID": "CVE-2022-25170",
"STATE": "PUBLIC",
"TITLE": "ICSA-22-055-01 FATEK Automation FvDesigner"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FvDesigner",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "all",
"version_value": "1.5.100"
}
]
}
}
]
},
"vendor_name": "FATEK Automation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Khangkito of VinCSS and xina1i, working with Trend Micro\u2019s Zero Day initiative, reported these vulnerabilities to CISA."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The affected product is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-055-01"
}
]
},
"solution": [
{
"lang": "en",
"value": "FATEK has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of these affected products are invited to contact FATEK customer support for additional information."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-25170",
"datePublished": "2022-02-25T18:10:55.131Z",
"dateReserved": "2022-02-22T00:00:00.000Z",
"dateUpdated": "2025-04-16T18:00:47.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25308 (GCVE-0-2022-25308)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:18 – Updated: 2024-08-03 04:36
VLAI
Summary
A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service.
Severity
No CVSS data available.
CWE
- CWE-121 - - Stack-based Buffer Overflow.
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/fribidi/fribidi/issues/181 | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=2047890 | x_refsource_MISC |
| https://github.com/fribidi/fribidi/pull/184 | x_refsource_MISC |
| https://access.redhat.com/security/cve/CVE-2022-25308 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fribidi/fribidi/issues/181"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047890"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/fribidi/fribidi/pull/184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-25308"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "fribidi",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in v1.0.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 - Stack-based Buffer Overflow.",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T17:18:52.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fribidi/fribidi/issues/181"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2047890"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/fribidi/fribidi/pull/184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-25308"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-25308",
"datePublished": "2022-09-06T17:18:52.000Z",
"dateReserved": "2022-02-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:36:06.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25334 (GCVE-0-2022-25334)
Vulnerability from cvelistv5 – Published: 2023-10-19 09:36 – Updated: 2024-08-03 04:36
VLAI
Title
Stack overflow on SK_LOAD signature length field in Texas Instruments OMAP L138
Summary
The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) lacks a bounds check on the signature size field in the SK_LOAD module loading routine, present in mask ROM. A module with a sufficiently large signature field causes a stack overflow, affecting secure kernel data pages. This can be leveraged to obtain arbitrary code execution in secure supervisor context by overwriting a SHA256 function pointer in the secure kernel data area when loading a forged, unsigned SK_LOAD module encrypted with the CEK (obtainable through CVE-2022-25332). This constitutes a full break of the TEE security architecture.
Severity
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://tetraburst.com/ | related |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Texas Instruments | OMAP |
Affected:
L138
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TETRA:BURST",
"tags": [
"related",
"x_transferred"
],
"url": "https://tetraburst.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "OMAP",
"vendor": "Texas Instruments",
"versions": [
{
"status": "affected",
"version": "L138"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Midnight Blue"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) lacks a bounds check on the signature size field in the SK_LOAD module loading routine, present in mask ROM. A module with a sufficiently large signature field causes a stack overflow, affecting secure kernel data pages. This can be leveraged to obtain arbitrary code execution in secure supervisor context by overwriting a SHA256 function pointer in the secure kernel data area when loading a forged, unsigned SK_LOAD module encrypted with the CEK (obtainable through CVE-2022-25332). This constitutes a full break of the TEE security architecture."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C/CR:H/IR:H/AR:H/MAV:L/MAC:L/MPR:H/MUI:N/MS:C/MC:H/MI:H/MA:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T00:27:54.327Z",
"orgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
"shortName": "NCSC-NL"
},
"references": [
{
"name": "TETRA:BURST",
"tags": [
"related"
],
"url": "https://tetraburst.com/"
}
],
"title": "Stack overflow on SK_LOAD signature length field in Texas Instruments OMAP L138"
}
},
"cveMetadata": {
"assignerOrgId": "cf4a7ff5-dd38-4ede-a530-ffaa7ea59c39",
"assignerShortName": "NCSC-NL",
"cveId": "CVE-2022-25334",
"datePublished": "2023-10-19T09:36:09.230Z",
"dateReserved": "2022-02-18T17:18:33.457Z",
"dateUpdated": "2024-08-03T04:36:06.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25753 (GCVE-0-2022-25753)
Vulnerability from cvelistv5 – Published: 2022-04-12 09:07 – Updated: 2024-08-03 04:49
VLAI
Summary
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The handling of arguments such as IP addresses in the CLI of affected devices is prone to buffer overflows. This could allow an authenticated remote attacker to execute arbitrary code on the device.
Severity
No CVSS data available.
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
Impacted products
75 products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:43.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SCALANCE X302-7 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X302-7 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X304-2FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X306-1LD FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 230V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 230V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-2 EEC (2x 24V, coated)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X307-3LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LD",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2LH+",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M PoE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X308-2M TS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X310FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X320-1 FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X320-1-2LD FE",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE X408-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-12M TS (24V)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (230V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
},
{
"product": "SIPLUS NET SCALANCE X308-2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The handling of arguments such as IP addresses in the CLI of affected devices is prone to buffer overflows. This could allow an authenticated remote attacker to execute arbitrary code on the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-12T09:07:47.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-25753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SCALANCE X302-7 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X302-7 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X304-2FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X306-1LD FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 230V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-2 EEC (2x 24V, coated)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X307-3LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LD",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2LH+",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M PoE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X308-2M TS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X310FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1 FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X320-1-2LD FE",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE X408-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-12M TS (24V)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (230V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE (24V, ports on rear)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SCALANCE XR324-4M PoE TS (24V, ports on front)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
},
{
"product_name": "SIPLUS NET SCALANCE X308-2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1.4"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. The handling of arguments such as IP addresses in the CLI of affected devices is prone to buffer overflows. This could allow an authenticated remote attacker to execute arbitrary code on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836527.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-25753",
"datePublished": "2022-04-12T09:07:47.000Z",
"dateReserved": "2022-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:49:43.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25785 (GCVE-0-2022-25785)
Vulnerability from cvelistv5 – Published: 2022-05-04 13:57 – Updated: 2024-08-03 04:49
VLAI
Title
Buffer overrun
Summary
Stack-based Buffer Overflow vulnerability in SiteManager allows logged-in or local user to cause arbitrary code execution. This issue affects: Secomea SiteManager all versions prior to 9.7.
Severity
6.6 (Medium)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.secomea.com/support/cybersecurity-advisory/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Secomea | SiteManager |
Affected:
all , < 9.7
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:49:43.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.secomea.com/support/cybersecurity-advisory/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SiteManager",
"vendor": "Secomea",
"versions": [
{
"lessThan": "9.7",
"status": "affected",
"version": "all",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based Buffer Overflow vulnerability in SiteManager allows logged-in or local user to cause arbitrary code execution. This issue affects: Secomea SiteManager all versions prior to 9.7."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-04T13:57:06.000Z",
"orgId": "f2815942-3388-4c08-ba09-6c15850fda90",
"shortName": "Secomea"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.secomea.com/support/cybersecurity-advisory/"
}
],
"source": {
"defect": [
"RD-5455"
],
"discovery": "INTERNAL"
},
"title": "Buffer overrun",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "VulnerabilityReporting@secomea.com",
"ID": "CVE-2022-25785",
"STATE": "PUBLIC",
"TITLE": "Buffer overrun"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SiteManager",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "all",
"version_value": "9.7"
}
]
}
}
]
},
"vendor_name": "Secomea"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow vulnerability in SiteManager allows logged-in or local user to cause arbitrary code execution. This issue affects: Secomea SiteManager all versions prior to 9.7."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121 Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.secomea.com/support/cybersecurity-advisory/",
"refsource": "MISC",
"url": "https://www.secomea.com/support/cybersecurity-advisory/"
}
]
},
"source": {
"defect": [
"RD-5455"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f2815942-3388-4c08-ba09-6c15850fda90",
"assignerShortName": "Secomea",
"cveId": "CVE-2022-25785",
"datePublished": "2022-05-04T13:57:06.000Z",
"dateReserved": "2022-02-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:49:43.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-25949 (GCVE-0-2022-25949)
Vulnerability from cvelistv5 – Published: 2022-03-17 17:15 – Updated: 2024-08-03 04:56
VLAI
Summary
The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow.
Severity
No CVSS data available.
CWE
- CWE-121 - stack-based buffer overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://support.kingsoft.jp/support-info/weakness.html | x_refsource_CONFIRM |
| https://jvn.jp/en/jp/JVN21234459/ | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| KINGSOFT JAPAN, INC. | KINGSOFT Internet Security 9 Plus |
Affected:
Reported for Version 2010.06.23.247
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:56:36.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.kingsoft.jp/support-info/weakness.html"
},
{
"name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN21234459/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "KINGSOFT Internet Security 9 Plus",
"vendor": "KINGSOFT JAPAN, INC.",
"versions": [
{
"status": "affected",
"version": "Reported for Version 2010.06.23.247"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: stack-based buffer overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-17T17:15:25.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.kingsoft.jp/support-info/weakness.html"
},
{
"name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN21234459/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-25949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "KINGSOFT Internet Security 9 Plus",
"version": {
"version_data": [
{
"version_value": "Reported for Version 2010.06.23.247"
}
]
}
}
]
},
"vendor_name": "KINGSOFT JAPAN, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: stack-based buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kingsoft.jp/support-info/weakness.html",
"refsource": "CONFIRM",
"url": "https://support.kingsoft.jp/support-info/weakness.html"
},
{
"name": "JVN#21234459: Multiple vulnerabilities in KINGSOFT \u0027WPS Office\u0027 and \u0027KINGSOFT Internet Security\u0027",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN21234459/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-25949",
"datePublished": "2022-03-17T17:15:25.000Z",
"dateReserved": "2022-03-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:56:36.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-10
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Phase: Architecture and Design
Description:
- Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Phase: Implementation
Description:
- Implement and perform bounds checking on input.
Mitigation
Phase: Implementation
Description:
- Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
Mitigation ID: MIT-11
Phases: Operation, Build and Compilation
Strategy: Environment Hardening
Description:
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
No CAPEC attack patterns related to this CWE.