CWE-141
Improper Neutralization of Parameter/Argument Delimiters
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as parameter or argument delimiters when they are sent to a downstream component.
CVE-2020-7868 (GCVE-0-2020-7868)
Vulnerability from cvelistv5 – Published: 2021-06-29 13:39 – Updated: 2024-08-04 09:41
VLAI?
Summary
A remote code execution vulnerability exists in helpUS(remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login.
Severity ?
9.6 (Critical)
CWE
- CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:41:01.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36088"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Windows"
],
"product": "helpu.ocx",
"vendor": "HelpU",
"versions": [
{
"lessThanOrEqual": "2020.06.27",
"status": "affected",
"version": "2020.6.27.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote code execution vulnerability exists in helpUS(remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-141",
"description": "CWE-141 Improper Neutralization of Parameter/Argument Delimiters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T13:39:21",
"orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"shortName": "krcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36088"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Helpu remote code execution vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"ID": "CVE-2020-7868",
"STATE": "PUBLIC",
"TITLE": "Helpu remote code execution vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "helpu.ocx",
"version": {
"version_data": [
{
"platform": "Windows",
"version_affected": "\u003c=",
"version_name": "2020.6.27.1",
"version_value": "2020.06.27"
}
]
}
}
]
},
"vendor_name": "HelpU"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in helpUS(remote administration tool) due to improper validation of parameter of ShellExecutionExA function used for login."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-141 Improper Neutralization of Parameter/Argument Delimiters"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36088",
"refsource": "MISC",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36088"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
"assignerShortName": "krcert",
"cveId": "CVE-2020-7868",
"datePublished": "2021-06-29T13:39:21",
"dateReserved": "2020-01-22T00:00:00",
"dateUpdated": "2024-08-04T09:41:01.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29872 (GCVE-0-2022-29872)
Vulnerability from cvelistv5 – Published: 2022-05-10 09:47 – Updated: 2024-08-03 06:33
VLAI?
Summary
A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not properly validate parameters of POST requests. This could allow an authenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device.
Severity ?
No CVSS data available.
CWE
- CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | SICAM P850 |
Affected:
All versions < V3.00
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:43.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00). Affected devices do not properly validate parameters of POST requests. This could allow an authenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-141",
"description": "CWE-141: Improper Neutralization of Parameter/Argument Delimiters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-10T09:47:15",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-29872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00). Affected devices do not properly validate parameters of POST requests. This could allow an authenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-141: Improper Neutralization of Parameter/Argument Delimiters"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-29872",
"datePublished": "2022-05-10T09:47:15",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T06:33:43.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-29873 (GCVE-0-2022-29873)
Vulnerability from cvelistv5 – Published: 2022-05-10 09:47 – Updated: 2024-08-03 06:33
VLAI?
Summary
A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not properly validate parameters of certain GET and POST requests. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device.
Severity ?
No CVSS data available.
CWE
- CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | SICAM P850 |
Affected:
All versions < V3.00
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:33:42.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
},
{
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.00"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00). Affected devices do not properly validate parameters of certain GET and POST requests. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-141",
"description": "CWE-141: Improper Neutralization of Parameter/Argument Delimiters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-10T09:47:16",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2022-29873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P850",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
},
{
"product_name": "SICAM P855",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.00"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P850 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00), SICAM P855 (All versions \u003c V3.00). Affected devices do not properly validate parameters of certain GET and POST requests. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-141: Improper Neutralization of Parameter/Argument Delimiters"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-165073.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-29873",
"datePublished": "2022-05-10T09:47:16",
"dateReserved": "2022-04-28T00:00:00",
"dateUpdated": "2024-08-03T06:33:42.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41665 (GCVE-0-2022-41665)
Vulnerability from cvelistv5 – Published: 2022-10-11 00:00 – Updated: 2025-04-21 13:48
VLAI?
Summary
A vulnerability has been identified in SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P850 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10), SICAM P855 (All versions < V3.10). Affected devices do not properly validate the parameter of a specific GET request. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device.
Severity ?
9.8 (Critical)
CWE
- CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | SICAM P850 |
Affected:
All versions < V3.10
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:43.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41665",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T15:10:56.862942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T13:48:05.692Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P850",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
},
{
"defaultStatus": "unknown",
"product": "SICAM P855",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P850 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10), SICAM P855 (All versions \u003c V3.10). Affected devices do not properly validate the parameter of a specific GET request. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-141",
"description": "CWE-141: Improper Neutralization of Parameter/Argument Delimiters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-13T08:16:55.403Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-572005.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-41665",
"datePublished": "2022-10-11T00:00:00.000Z",
"dateReserved": "2022-09-27T00:00:00.000Z",
"dateUpdated": "2025-04-21T13:48:05.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0840 (GCVE-0-2024-0840)
Vulnerability from cvelistv5 – Published: 2024-04-29 18:42 – Updated: 2024-08-01 18:18
VLAI?
Summary
The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and password. Affected models are the UCM6202, UCM6204, UCM6208, and UCM6510.
Severity ?
8.8 (High)
CWE
- CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Grandstream | UCM Series |
Affected:
0 , < <1.0.20.52
(custom)
|
Credits
Jacob Baines (VulnCheck)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:grandstream:ucm6202_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ucm6202_firmware",
"vendor": "grandstream",
"versions": [
{
"lessThan": "1.0.20.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:grandstream:ucm6204_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ucm6204_firmware",
"vendor": "grandstream",
"versions": [
{
"lessThan": "1.0.20.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:grandstream:ucm6208_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ucm6208_firmware",
"vendor": "grandstream",
"versions": [
{
"lessThan": "1.0.20.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:grandstream:ucm6510_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ucm6510_firmware",
"vendor": "grandstream",
"versions": [
{
"lessThan": "1.0.20.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0840",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T19:17:53.854809Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T13:09:24.386Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:18.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://vulncheck.com/advisories/grand-stream-param-injection"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "UCM Series",
"vendor": "Grandstream",
"versions": [
{
"lessThan": "\u003c1.0.20.52",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jacob Baines (VulnCheck)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and password. Affected models are the UCM6202, UCM6204, UCM6208, and UCM6510.\u003cbr\u003e"
}
],
"value": "The Grandstream UCM Series IP PBX before firmware version 1.0.20.52 is affected by a parameter injection vulnerability in the HTTP interface. A remote and authenticated attacker can execute arbitrary code by sending a crafted HTTP request. Authentication may be possible using a default user and password. Affected models are the UCM6202, UCM6204, UCM6208, and UCM6510.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-141",
"description": "CWE-141 Improper Neutralization of Parameter/Argument Delimiters",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-29T18:42:57.112Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"url": "https://vulncheck.com/advisories/grand-stream-param-injection"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to firmware version 1.0.20.52 or later. Ensure the web interface is not exposed to the internet.\u003cbr\u003e"
}
],
"value": "Upgrade to firmware version 1.0.20.52 or later. Ensure the web interface is not exposed to the internet.\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2024-01-25T17:00:00.000Z",
"value": "VulnCheck reports the vulnerability to Grandstream"
},
{
"lang": "en",
"time": "2024-01-26T02:00:00.000Z",
"value": "Grandstream acknowledges receipt"
},
{
"lang": "en",
"time": "2024-02-08T04:42:00.000Z",
"value": "Grandstream shares a patch build"
},
{
"lang": "en",
"time": "2024-04-26T04:11:00.000Z",
"value": "Grandstream releases 1.0.20.52"
}
],
"title": "Grandstream UCM Series IP PBX HTTP Parameter Injection",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-0840",
"datePublished": "2024-04-29T18:42:57.112Z",
"dateReserved": "2024-01-23T21:10:19.364Z",
"dateUpdated": "2024-08-01T18:18:18.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20338 (GCVE-0-2025-20338)
Vulnerability from cvelistv5 – Published: 2025-09-24 17:14 – Updated: 2025-09-25 03:55
VLAI?
Summary
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device.
This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by logging in to the device CLI with valid administrative (level 15) credentials and using crafted commands at the CLI prompt. A successful exploit could allow the attacker to execute arbitrary commands as root.
Severity ?
6 (Medium)
CWE
- CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco IOS XE Software |
Affected:
3.5.0E
Affected: 3.5.1E Affected: 3.5.2E Affected: 3.5.3E Affected: 3.11.1S Affected: 3.11.2S Affected: 3.11.0S Affected: 3.11.3S Affected: 3.11.4S Affected: 3.12.0S Affected: 3.12.1S Affected: 3.12.2S Affected: 3.12.3S Affected: 3.12.0aS Affected: 3.12.4S Affected: 3.13.0S Affected: 3.13.1S Affected: 3.13.2S Affected: 3.13.3S Affected: 3.13.4S Affected: 3.13.5S Affected: 3.13.2aS Affected: 3.13.0aS Affected: 3.13.5aS Affected: 3.13.6S Affected: 3.13.7S Affected: 3.13.6aS Affected: 3.13.7aS Affected: 3.13.8S Affected: 3.13.9S Affected: 3.13.10S Affected: 3.6.0E Affected: 3.6.1E Affected: 3.6.2aE Affected: 3.6.2E Affected: 3.6.3E Affected: 3.6.4E Affected: 3.6.5E Affected: 3.6.6E Affected: 3.6.5aE Affected: 3.6.7E Affected: 3.6.8E Affected: 3.6.7bE Affected: 3.6.9E Affected: 3.6.10E Affected: 3.14.0S Affected: 3.14.1S Affected: 3.14.2S Affected: 3.14.3S Affected: 3.14.4S Affected: 3.15.0S Affected: 3.15.1S Affected: 3.15.2S Affected: 3.15.1cS Affected: 3.15.3S Affected: 3.15.4S Affected: 3.7.0E Affected: 3.7.1E Affected: 3.7.2E Affected: 3.7.3E Affected: 3.7.4E Affected: 3.7.5E Affected: 3.5.0SQ Affected: 3.5.1SQ Affected: 3.5.2SQ Affected: 3.5.3SQ Affected: 3.5.4SQ Affected: 3.5.5SQ Affected: 3.5.6SQ Affected: 3.5.7SQ Affected: 3.5.8SQ Affected: 3.16.0S Affected: 3.16.1S Affected: 3.16.1aS Affected: 3.16.2S Affected: 3.16.2aS Affected: 3.16.0cS Affected: 3.16.3S Affected: 3.16.2bS Affected: 3.16.3aS Affected: 3.16.4S Affected: 3.16.4aS Affected: 3.16.4bS Affected: 3.16.5S Affected: 3.16.4dS Affected: 3.16.6S Affected: 3.16.7S Affected: 3.16.6bS Affected: 3.16.7aS Affected: 3.16.7bS Affected: 3.16.8S Affected: 3.16.9S Affected: 3.16.10S Affected: 3.17.0S Affected: 3.17.1S Affected: 3.17.2S Affected: 3.17.1aS Affected: 3.17.3S Affected: 3.17.4S Affected: 3.8.0E Affected: 3.8.1E Affected: 3.8.2E Affected: 3.8.3E Affected: 3.8.4E Affected: 3.8.5E Affected: 3.8.5aE Affected: 3.8.6E Affected: 3.8.7E Affected: 3.8.8E Affected: 3.8.9E Affected: 3.8.10E Affected: 3.8.10eE Affected: 3.18.0aS Affected: 3.18.0S Affected: 3.18.1S Affected: 3.18.2S Affected: 3.18.3S Affected: 3.18.4S Affected: 3.18.0SP Affected: 3.18.1SP Affected: 3.18.1aSP Affected: 3.18.1bSP Affected: 3.18.1cSP Affected: 3.18.2SP Affected: 3.18.2aSP Affected: 3.18.3SP Affected: 3.18.4SP Affected: 3.18.3aSP Affected: 3.18.3bSP Affected: 3.18.5SP Affected: 3.18.6SP Affected: 3.18.7SP Affected: 3.18.8aSP Affected: 3.18.9SP Affected: 3.9.0E Affected: 3.9.1E Affected: 3.9.2E Affected: 16.6.1 Affected: 16.6.2 Affected: 16.6.3 Affected: 16.6.4 Affected: 16.6.5 Affected: 16.6.4a Affected: 16.6.5a Affected: 16.6.6 Affected: 16.6.7 Affected: 16.6.8 Affected: 16.6.9 Affected: 16.6.10 Affected: 16.7.1 Affected: 16.7.1a Affected: 16.7.1b Affected: 16.7.2 Affected: 16.7.3 Affected: 16.7.4 Affected: 16.8.1 Affected: 16.8.1a Affected: 16.8.1b Affected: 16.8.1s Affected: 16.8.1c Affected: 16.8.1d Affected: 16.8.2 Affected: 16.8.1e Affected: 16.8.3 Affected: 16.9.1 Affected: 16.9.2 Affected: 16.9.1a Affected: 16.9.1b Affected: 16.9.1s Affected: 16.9.3 Affected: 16.9.4 Affected: 16.9.3a Affected: 16.9.5 Affected: 16.9.5f Affected: 16.9.6 Affected: 16.9.7 Affected: 16.9.8 Affected: 16.10.1 Affected: 16.10.1a Affected: 16.10.1b Affected: 16.10.1s Affected: 16.10.1c Affected: 16.10.1e Affected: 16.10.1d Affected: 16.10.2 Affected: 16.10.1f Affected: 16.10.1g Affected: 16.10.3 Affected: 3.10.0E Affected: 3.10.1E Affected: 3.10.0cE Affected: 3.10.2E Affected: 3.10.3E Affected: 16.11.1 Affected: 16.11.1a Affected: 16.11.1b Affected: 16.11.2 Affected: 16.11.1s Affected: 16.12.1 Affected: 16.12.1s Affected: 16.12.1a Affected: 16.12.1c Affected: 16.12.1w Affected: 16.12.2 Affected: 16.12.1y Affected: 16.12.2a Affected: 16.12.3 Affected: 16.12.8 Affected: 16.12.2s Affected: 16.12.1x Affected: 16.12.1t Affected: 16.12.4 Affected: 16.12.3s Affected: 16.12.3a Affected: 16.12.4a Affected: 16.12.5 Affected: 16.12.6 Affected: 16.12.1z1 Affected: 16.12.5a Affected: 16.12.5b Affected: 16.12.1z2 Affected: 16.12.6a Affected: 16.12.7 Affected: 16.12.9 Affected: 16.12.10 Affected: 16.12.10a Affected: 16.12.11 Affected: 16.12.12 Affected: 16.12.13 Affected: 3.11.0E Affected: 3.11.1E Affected: 3.11.2E Affected: 3.11.3E Affected: 3.11.1aE Affected: 3.11.4E Affected: 3.11.3aE Affected: 3.11.5E Affected: 3.11.6E Affected: 3.11.7E Affected: 3.11.8E Affected: 3.11.9E Affected: 3.11.10E Affected: 3.11.11E Affected: 3.11.12E Affected: 17.1.1 Affected: 17.1.1a Affected: 17.1.1s Affected: 17.1.1t Affected: 17.1.3 Affected: 17.2.1 Affected: 17.2.1r Affected: 17.2.1a Affected: 17.2.1v Affected: 17.2.2 Affected: 17.2.3 Affected: 17.3.1 Affected: 17.3.2 Affected: 17.3.3 Affected: 17.3.1a Affected: 17.3.1w Affected: 17.3.2a Affected: 17.3.1x Affected: 17.3.1z Affected: 17.3.4 Affected: 17.3.5 Affected: 17.3.4a Affected: 17.3.6 Affected: 17.3.4b Affected: 17.3.4c Affected: 17.3.5a Affected: 17.3.5b Affected: 17.3.7 Affected: 17.3.8 Affected: 17.3.8a Affected: 17.4.1 Affected: 17.4.2 Affected: 17.4.1a Affected: 17.4.1b Affected: 17.4.2a Affected: 17.5.1 Affected: 17.5.1a Affected: 17.6.1 Affected: 17.6.2 Affected: 17.6.1w Affected: 17.6.1a Affected: 17.6.1x Affected: 17.6.3 Affected: 17.6.1y Affected: 17.6.1z Affected: 17.6.3a Affected: 17.6.4 Affected: 17.6.1z1 Affected: 17.6.5 Affected: 17.6.6 Affected: 17.6.6a Affected: 17.6.5a Affected: 17.6.7 Affected: 17.6.8 Affected: 17.6.8a Affected: 17.7.1 Affected: 17.7.1a Affected: 17.7.1b Affected: 17.7.2 Affected: 17.10.1 Affected: 17.10.1a Affected: 17.10.1b Affected: 17.8.1 Affected: 17.8.1a Affected: 17.9.1 Affected: 17.9.1w Affected: 17.9.2 Affected: 17.9.1a Affected: 17.9.1x Affected: 17.9.1y Affected: 17.9.3 Affected: 17.9.2a Affected: 17.9.1x1 Affected: 17.9.3a Affected: 17.9.4 Affected: 17.9.1y1 Affected: 17.9.5 Affected: 17.9.4a Affected: 17.9.5a Affected: 17.9.5b Affected: 17.9.6 Affected: 17.9.6a Affected: 17.9.7 Affected: 17.9.5e Affected: 17.9.5f Affected: 17.9.7a Affected: 17.9.7b Affected: 17.11.1 Affected: 17.11.1a Affected: 17.12.1 Affected: 17.12.1w Affected: 17.12.1a Affected: 17.12.1x Affected: 17.12.2 Affected: 17.12.3 Affected: 17.12.2a Affected: 17.12.1y Affected: 17.12.1z Affected: 17.12.4 Affected: 17.12.3a Affected: 17.12.1z1 Affected: 17.12.1z2 Affected: 17.12.4a Affected: 17.12.5 Affected: 17.12.4b Affected: 17.12.1z3 Affected: 17.12.5a Affected: 17.12.1z4 Affected: 17.12.5b Affected: 17.12.5c Affected: 17.13.1 Affected: 17.13.1a Affected: 17.14.1 Affected: 17.14.1a Affected: 17.15.1 Affected: 17.15.1w Affected: 17.15.1a Affected: 17.15.2 Affected: 17.15.1b Affected: 17.15.1x Affected: 17.15.1z Affected: 17.15.3 Affected: 17.15.2c Affected: 17.15.2a Affected: 17.15.1y Affected: 17.15.2b Affected: 17.15.3a Affected: 17.15.3b Affected: 17.16.1 Affected: 17.16.1a |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20338",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T03:55:59.105Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.5.0E"
},
{
"status": "affected",
"version": "3.5.1E"
},
{
"status": "affected",
"version": "3.5.2E"
},
{
"status": "affected",
"version": "3.5.3E"
},
{
"status": "affected",
"version": "3.11.1S"
},
{
"status": "affected",
"version": "3.11.2S"
},
{
"status": "affected",
"version": "3.11.0S"
},
{
"status": "affected",
"version": "3.11.3S"
},
{
"status": "affected",
"version": "3.11.4S"
},
{
"status": "affected",
"version": "3.12.0S"
},
{
"status": "affected",
"version": "3.12.1S"
},
{
"status": "affected",
"version": "3.12.2S"
},
{
"status": "affected",
"version": "3.12.3S"
},
{
"status": "affected",
"version": "3.12.0aS"
},
{
"status": "affected",
"version": "3.12.4S"
},
{
"status": "affected",
"version": "3.13.0S"
},
{
"status": "affected",
"version": "3.13.1S"
},
{
"status": "affected",
"version": "3.13.2S"
},
{
"status": "affected",
"version": "3.13.3S"
},
{
"status": "affected",
"version": "3.13.4S"
},
{
"status": "affected",
"version": "3.13.5S"
},
{
"status": "affected",
"version": "3.13.2aS"
},
{
"status": "affected",
"version": "3.13.0aS"
},
{
"status": "affected",
"version": "3.13.5aS"
},
{
"status": "affected",
"version": "3.13.6S"
},
{
"status": "affected",
"version": "3.13.7S"
},
{
"status": "affected",
"version": "3.13.6aS"
},
{
"status": "affected",
"version": "3.13.7aS"
},
{
"status": "affected",
"version": "3.13.8S"
},
{
"status": "affected",
"version": "3.13.9S"
},
{
"status": "affected",
"version": "3.13.10S"
},
{
"status": "affected",
"version": "3.6.0E"
},
{
"status": "affected",
"version": "3.6.1E"
},
{
"status": "affected",
"version": "3.6.2aE"
},
{
"status": "affected",
"version": "3.6.2E"
},
{
"status": "affected",
"version": "3.6.3E"
},
{
"status": "affected",
"version": "3.6.4E"
},
{
"status": "affected",
"version": "3.6.5E"
},
{
"status": "affected",
"version": "3.6.6E"
},
{
"status": "affected",
"version": "3.6.5aE"
},
{
"status": "affected",
"version": "3.6.7E"
},
{
"status": "affected",
"version": "3.6.8E"
},
{
"status": "affected",
"version": "3.6.7bE"
},
{
"status": "affected",
"version": "3.6.9E"
},
{
"status": "affected",
"version": "3.6.10E"
},
{
"status": "affected",
"version": "3.14.0S"
},
{
"status": "affected",
"version": "3.14.1S"
},
{
"status": "affected",
"version": "3.14.2S"
},
{
"status": "affected",
"version": "3.14.3S"
},
{
"status": "affected",
"version": "3.14.4S"
},
{
"status": "affected",
"version": "3.15.0S"
},
{
"status": "affected",
"version": "3.15.1S"
},
{
"status": "affected",
"version": "3.15.2S"
},
{
"status": "affected",
"version": "3.15.1cS"
},
{
"status": "affected",
"version": "3.15.3S"
},
{
"status": "affected",
"version": "3.15.4S"
},
{
"status": "affected",
"version": "3.7.0E"
},
{
"status": "affected",
"version": "3.7.1E"
},
{
"status": "affected",
"version": "3.7.2E"
},
{
"status": "affected",
"version": "3.7.3E"
},
{
"status": "affected",
"version": "3.7.4E"
},
{
"status": "affected",
"version": "3.7.5E"
},
{
"status": "affected",
"version": "3.5.0SQ"
},
{
"status": "affected",
"version": "3.5.1SQ"
},
{
"status": "affected",
"version": "3.5.2SQ"
},
{
"status": "affected",
"version": "3.5.3SQ"
},
{
"status": "affected",
"version": "3.5.4SQ"
},
{
"status": "affected",
"version": "3.5.5SQ"
},
{
"status": "affected",
"version": "3.5.6SQ"
},
{
"status": "affected",
"version": "3.5.7SQ"
},
{
"status": "affected",
"version": "3.5.8SQ"
},
{
"status": "affected",
"version": "3.16.0S"
},
{
"status": "affected",
"version": "3.16.1S"
},
{
"status": "affected",
"version": "3.16.1aS"
},
{
"status": "affected",
"version": "3.16.2S"
},
{
"status": "affected",
"version": "3.16.2aS"
},
{
"status": "affected",
"version": "3.16.0cS"
},
{
"status": "affected",
"version": "3.16.3S"
},
{
"status": "affected",
"version": "3.16.2bS"
},
{
"status": "affected",
"version": "3.16.3aS"
},
{
"status": "affected",
"version": "3.16.4S"
},
{
"status": "affected",
"version": "3.16.4aS"
},
{
"status": "affected",
"version": "3.16.4bS"
},
{
"status": "affected",
"version": "3.16.5S"
},
{
"status": "affected",
"version": "3.16.4dS"
},
{
"status": "affected",
"version": "3.16.6S"
},
{
"status": "affected",
"version": "3.16.7S"
},
{
"status": "affected",
"version": "3.16.6bS"
},
{
"status": "affected",
"version": "3.16.7aS"
},
{
"status": "affected",
"version": "3.16.7bS"
},
{
"status": "affected",
"version": "3.16.8S"
},
{
"status": "affected",
"version": "3.16.9S"
},
{
"status": "affected",
"version": "3.16.10S"
},
{
"status": "affected",
"version": "3.17.0S"
},
{
"status": "affected",
"version": "3.17.1S"
},
{
"status": "affected",
"version": "3.17.2S"
},
{
"status": "affected",
"version": "3.17.1aS"
},
{
"status": "affected",
"version": "3.17.3S"
},
{
"status": "affected",
"version": "3.17.4S"
},
{
"status": "affected",
"version": "3.8.0E"
},
{
"status": "affected",
"version": "3.8.1E"
},
{
"status": "affected",
"version": "3.8.2E"
},
{
"status": "affected",
"version": "3.8.3E"
},
{
"status": "affected",
"version": "3.8.4E"
},
{
"status": "affected",
"version": "3.8.5E"
},
{
"status": "affected",
"version": "3.8.5aE"
},
{
"status": "affected",
"version": "3.8.6E"
},
{
"status": "affected",
"version": "3.8.7E"
},
{
"status": "affected",
"version": "3.8.8E"
},
{
"status": "affected",
"version": "3.8.9E"
},
{
"status": "affected",
"version": "3.8.10E"
},
{
"status": "affected",
"version": "3.8.10eE"
},
{
"status": "affected",
"version": "3.18.0aS"
},
{
"status": "affected",
"version": "3.18.0S"
},
{
"status": "affected",
"version": "3.18.1S"
},
{
"status": "affected",
"version": "3.18.2S"
},
{
"status": "affected",
"version": "3.18.3S"
},
{
"status": "affected",
"version": "3.18.4S"
},
{
"status": "affected",
"version": "3.18.0SP"
},
{
"status": "affected",
"version": "3.18.1SP"
},
{
"status": "affected",
"version": "3.18.1aSP"
},
{
"status": "affected",
"version": "3.18.1bSP"
},
{
"status": "affected",
"version": "3.18.1cSP"
},
{
"status": "affected",
"version": "3.18.2SP"
},
{
"status": "affected",
"version": "3.18.2aSP"
},
{
"status": "affected",
"version": "3.18.3SP"
},
{
"status": "affected",
"version": "3.18.4SP"
},
{
"status": "affected",
"version": "3.18.3aSP"
},
{
"status": "affected",
"version": "3.18.3bSP"
},
{
"status": "affected",
"version": "3.18.5SP"
},
{
"status": "affected",
"version": "3.18.6SP"
},
{
"status": "affected",
"version": "3.18.7SP"
},
{
"status": "affected",
"version": "3.18.8aSP"
},
{
"status": "affected",
"version": "3.18.9SP"
},
{
"status": "affected",
"version": "3.9.0E"
},
{
"status": "affected",
"version": "3.9.1E"
},
{
"status": "affected",
"version": "3.9.2E"
},
{
"status": "affected",
"version": "16.6.1"
},
{
"status": "affected",
"version": "16.6.2"
},
{
"status": "affected",
"version": "16.6.3"
},
{
"status": "affected",
"version": "16.6.4"
},
{
"status": "affected",
"version": "16.6.5"
},
{
"status": "affected",
"version": "16.6.4a"
},
{
"status": "affected",
"version": "16.6.5a"
},
{
"status": "affected",
"version": "16.6.6"
},
{
"status": "affected",
"version": "16.6.7"
},
{
"status": "affected",
"version": "16.6.8"
},
{
"status": "affected",
"version": "16.6.9"
},
{
"status": "affected",
"version": "16.6.10"
},
{
"status": "affected",
"version": "16.7.1"
},
{
"status": "affected",
"version": "16.7.1a"
},
{
"status": "affected",
"version": "16.7.1b"
},
{
"status": "affected",
"version": "16.7.2"
},
{
"status": "affected",
"version": "16.7.3"
},
{
"status": "affected",
"version": "16.7.4"
},
{
"status": "affected",
"version": "16.8.1"
},
{
"status": "affected",
"version": "16.8.1a"
},
{
"status": "affected",
"version": "16.8.1b"
},
{
"status": "affected",
"version": "16.8.1s"
},
{
"status": "affected",
"version": "16.8.1c"
},
{
"status": "affected",
"version": "16.8.1d"
},
{
"status": "affected",
"version": "16.8.2"
},
{
"status": "affected",
"version": "16.8.1e"
},
{
"status": "affected",
"version": "16.8.3"
},
{
"status": "affected",
"version": "16.9.1"
},
{
"status": "affected",
"version": "16.9.2"
},
{
"status": "affected",
"version": "16.9.1a"
},
{
"status": "affected",
"version": "16.9.1b"
},
{
"status": "affected",
"version": "16.9.1s"
},
{
"status": "affected",
"version": "16.9.3"
},
{
"status": "affected",
"version": "16.9.4"
},
{
"status": "affected",
"version": "16.9.3a"
},
{
"status": "affected",
"version": "16.9.5"
},
{
"status": "affected",
"version": "16.9.5f"
},
{
"status": "affected",
"version": "16.9.6"
},
{
"status": "affected",
"version": "16.9.7"
},
{
"status": "affected",
"version": "16.9.8"
},
{
"status": "affected",
"version": "16.10.1"
},
{
"status": "affected",
"version": "16.10.1a"
},
{
"status": "affected",
"version": "16.10.1b"
},
{
"status": "affected",
"version": "16.10.1s"
},
{
"status": "affected",
"version": "16.10.1c"
},
{
"status": "affected",
"version": "16.10.1e"
},
{
"status": "affected",
"version": "16.10.1d"
},
{
"status": "affected",
"version": "16.10.2"
},
{
"status": "affected",
"version": "16.10.1f"
},
{
"status": "affected",
"version": "16.10.1g"
},
{
"status": "affected",
"version": "16.10.3"
},
{
"status": "affected",
"version": "3.10.0E"
},
{
"status": "affected",
"version": "3.10.1E"
},
{
"status": "affected",
"version": "3.10.0cE"
},
{
"status": "affected",
"version": "3.10.2E"
},
{
"status": "affected",
"version": "3.10.3E"
},
{
"status": "affected",
"version": "16.11.1"
},
{
"status": "affected",
"version": "16.11.1a"
},
{
"status": "affected",
"version": "16.11.1b"
},
{
"status": "affected",
"version": "16.11.2"
},
{
"status": "affected",
"version": "16.11.1s"
},
{
"status": "affected",
"version": "16.12.1"
},
{
"status": "affected",
"version": "16.12.1s"
},
{
"status": "affected",
"version": "16.12.1a"
},
{
"status": "affected",
"version": "16.12.1c"
},
{
"status": "affected",
"version": "16.12.1w"
},
{
"status": "affected",
"version": "16.12.2"
},
{
"status": "affected",
"version": "16.12.1y"
},
{
"status": "affected",
"version": "16.12.2a"
},
{
"status": "affected",
"version": "16.12.3"
},
{
"status": "affected",
"version": "16.12.8"
},
{
"status": "affected",
"version": "16.12.2s"
},
{
"status": "affected",
"version": "16.12.1x"
},
{
"status": "affected",
"version": "16.12.1t"
},
{
"status": "affected",
"version": "16.12.4"
},
{
"status": "affected",
"version": "16.12.3s"
},
{
"status": "affected",
"version": "16.12.3a"
},
{
"status": "affected",
"version": "16.12.4a"
},
{
"status": "affected",
"version": "16.12.5"
},
{
"status": "affected",
"version": "16.12.6"
},
{
"status": "affected",
"version": "16.12.1z1"
},
{
"status": "affected",
"version": "16.12.5a"
},
{
"status": "affected",
"version": "16.12.5b"
},
{
"status": "affected",
"version": "16.12.1z2"
},
{
"status": "affected",
"version": "16.12.6a"
},
{
"status": "affected",
"version": "16.12.7"
},
{
"status": "affected",
"version": "16.12.9"
},
{
"status": "affected",
"version": "16.12.10"
},
{
"status": "affected",
"version": "16.12.10a"
},
{
"status": "affected",
"version": "16.12.11"
},
{
"status": "affected",
"version": "16.12.12"
},
{
"status": "affected",
"version": "16.12.13"
},
{
"status": "affected",
"version": "3.11.0E"
},
{
"status": "affected",
"version": "3.11.1E"
},
{
"status": "affected",
"version": "3.11.2E"
},
{
"status": "affected",
"version": "3.11.3E"
},
{
"status": "affected",
"version": "3.11.1aE"
},
{
"status": "affected",
"version": "3.11.4E"
},
{
"status": "affected",
"version": "3.11.3aE"
},
{
"status": "affected",
"version": "3.11.5E"
},
{
"status": "affected",
"version": "3.11.6E"
},
{
"status": "affected",
"version": "3.11.7E"
},
{
"status": "affected",
"version": "3.11.8E"
},
{
"status": "affected",
"version": "3.11.9E"
},
{
"status": "affected",
"version": "3.11.10E"
},
{
"status": "affected",
"version": "3.11.11E"
},
{
"status": "affected",
"version": "3.11.12E"
},
{
"status": "affected",
"version": "17.1.1"
},
{
"status": "affected",
"version": "17.1.1a"
},
{
"status": "affected",
"version": "17.1.1s"
},
{
"status": "affected",
"version": "17.1.1t"
},
{
"status": "affected",
"version": "17.1.3"
},
{
"status": "affected",
"version": "17.2.1"
},
{
"status": "affected",
"version": "17.2.1r"
},
{
"status": "affected",
"version": "17.2.1a"
},
{
"status": "affected",
"version": "17.2.1v"
},
{
"status": "affected",
"version": "17.2.2"
},
{
"status": "affected",
"version": "17.2.3"
},
{
"status": "affected",
"version": "17.3.1"
},
{
"status": "affected",
"version": "17.3.2"
},
{
"status": "affected",
"version": "17.3.3"
},
{
"status": "affected",
"version": "17.3.1a"
},
{
"status": "affected",
"version": "17.3.1w"
},
{
"status": "affected",
"version": "17.3.2a"
},
{
"status": "affected",
"version": "17.3.1x"
},
{
"status": "affected",
"version": "17.3.1z"
},
{
"status": "affected",
"version": "17.3.4"
},
{
"status": "affected",
"version": "17.3.5"
},
{
"status": "affected",
"version": "17.3.4a"
},
{
"status": "affected",
"version": "17.3.6"
},
{
"status": "affected",
"version": "17.3.4b"
},
{
"status": "affected",
"version": "17.3.4c"
},
{
"status": "affected",
"version": "17.3.5a"
},
{
"status": "affected",
"version": "17.3.5b"
},
{
"status": "affected",
"version": "17.3.7"
},
{
"status": "affected",
"version": "17.3.8"
},
{
"status": "affected",
"version": "17.3.8a"
},
{
"status": "affected",
"version": "17.4.1"
},
{
"status": "affected",
"version": "17.4.2"
},
{
"status": "affected",
"version": "17.4.1a"
},
{
"status": "affected",
"version": "17.4.1b"
},
{
"status": "affected",
"version": "17.4.2a"
},
{
"status": "affected",
"version": "17.5.1"
},
{
"status": "affected",
"version": "17.5.1a"
},
{
"status": "affected",
"version": "17.6.1"
},
{
"status": "affected",
"version": "17.6.2"
},
{
"status": "affected",
"version": "17.6.1w"
},
{
"status": "affected",
"version": "17.6.1a"
},
{
"status": "affected",
"version": "17.6.1x"
},
{
"status": "affected",
"version": "17.6.3"
},
{
"status": "affected",
"version": "17.6.1y"
},
{
"status": "affected",
"version": "17.6.1z"
},
{
"status": "affected",
"version": "17.6.3a"
},
{
"status": "affected",
"version": "17.6.4"
},
{
"status": "affected",
"version": "17.6.1z1"
},
{
"status": "affected",
"version": "17.6.5"
},
{
"status": "affected",
"version": "17.6.6"
},
{
"status": "affected",
"version": "17.6.6a"
},
{
"status": "affected",
"version": "17.6.5a"
},
{
"status": "affected",
"version": "17.6.7"
},
{
"status": "affected",
"version": "17.6.8"
},
{
"status": "affected",
"version": "17.6.8a"
},
{
"status": "affected",
"version": "17.7.1"
},
{
"status": "affected",
"version": "17.7.1a"
},
{
"status": "affected",
"version": "17.7.1b"
},
{
"status": "affected",
"version": "17.7.2"
},
{
"status": "affected",
"version": "17.10.1"
},
{
"status": "affected",
"version": "17.10.1a"
},
{
"status": "affected",
"version": "17.10.1b"
},
{
"status": "affected",
"version": "17.8.1"
},
{
"status": "affected",
"version": "17.8.1a"
},
{
"status": "affected",
"version": "17.9.1"
},
{
"status": "affected",
"version": "17.9.1w"
},
{
"status": "affected",
"version": "17.9.2"
},
{
"status": "affected",
"version": "17.9.1a"
},
{
"status": "affected",
"version": "17.9.1x"
},
{
"status": "affected",
"version": "17.9.1y"
},
{
"status": "affected",
"version": "17.9.3"
},
{
"status": "affected",
"version": "17.9.2a"
},
{
"status": "affected",
"version": "17.9.1x1"
},
{
"status": "affected",
"version": "17.9.3a"
},
{
"status": "affected",
"version": "17.9.4"
},
{
"status": "affected",
"version": "17.9.1y1"
},
{
"status": "affected",
"version": "17.9.5"
},
{
"status": "affected",
"version": "17.9.4a"
},
{
"status": "affected",
"version": "17.9.5a"
},
{
"status": "affected",
"version": "17.9.5b"
},
{
"status": "affected",
"version": "17.9.6"
},
{
"status": "affected",
"version": "17.9.6a"
},
{
"status": "affected",
"version": "17.9.7"
},
{
"status": "affected",
"version": "17.9.5e"
},
{
"status": "affected",
"version": "17.9.5f"
},
{
"status": "affected",
"version": "17.9.7a"
},
{
"status": "affected",
"version": "17.9.7b"
},
{
"status": "affected",
"version": "17.11.1"
},
{
"status": "affected",
"version": "17.11.1a"
},
{
"status": "affected",
"version": "17.12.1"
},
{
"status": "affected",
"version": "17.12.1w"
},
{
"status": "affected",
"version": "17.12.1a"
},
{
"status": "affected",
"version": "17.12.1x"
},
{
"status": "affected",
"version": "17.12.2"
},
{
"status": "affected",
"version": "17.12.3"
},
{
"status": "affected",
"version": "17.12.2a"
},
{
"status": "affected",
"version": "17.12.1y"
},
{
"status": "affected",
"version": "17.12.1z"
},
{
"status": "affected",
"version": "17.12.4"
},
{
"status": "affected",
"version": "17.12.3a"
},
{
"status": "affected",
"version": "17.12.1z1"
},
{
"status": "affected",
"version": "17.12.1z2"
},
{
"status": "affected",
"version": "17.12.4a"
},
{
"status": "affected",
"version": "17.12.5"
},
{
"status": "affected",
"version": "17.12.4b"
},
{
"status": "affected",
"version": "17.12.1z3"
},
{
"status": "affected",
"version": "17.12.5a"
},
{
"status": "affected",
"version": "17.12.1z4"
},
{
"status": "affected",
"version": "17.12.5b"
},
{
"status": "affected",
"version": "17.12.5c"
},
{
"status": "affected",
"version": "17.13.1"
},
{
"status": "affected",
"version": "17.13.1a"
},
{
"status": "affected",
"version": "17.14.1"
},
{
"status": "affected",
"version": "17.14.1a"
},
{
"status": "affected",
"version": "17.15.1"
},
{
"status": "affected",
"version": "17.15.1w"
},
{
"status": "affected",
"version": "17.15.1a"
},
{
"status": "affected",
"version": "17.15.2"
},
{
"status": "affected",
"version": "17.15.1b"
},
{
"status": "affected",
"version": "17.15.1x"
},
{
"status": "affected",
"version": "17.15.1z"
},
{
"status": "affected",
"version": "17.15.3"
},
{
"status": "affected",
"version": "17.15.2c"
},
{
"status": "affected",
"version": "17.15.2a"
},
{
"status": "affected",
"version": "17.15.1y"
},
{
"status": "affected",
"version": "17.15.2b"
},
{
"status": "affected",
"version": "17.15.3a"
},
{
"status": "affected",
"version": "17.15.3b"
},
{
"status": "affected",
"version": "17.16.1"
},
{
"status": "affected",
"version": "17.16.1a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device.\r\n\r This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by logging in to the device CLI with valid administrative (level 15) credentials and using crafted commands at the CLI prompt. A successful exploit could allow the attacker to execute arbitrary commands as root."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-141",
"description": "Improper Neutralization of Parameter/Argument Delimiters",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T17:14:57.638Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-iosxe-arg-inject-EyDDbh4e",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-arg-inject-EyDDbh4e"
}
],
"source": {
"advisory": "cisco-sa-iosxe-arg-inject-EyDDbh4e",
"defects": [
"CSCwm41327"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20338",
"datePublished": "2025-09-24T17:14:57.638Z",
"dateReserved": "2024-10-10T19:15:13.255Z",
"dateUpdated": "2025-09-25T03:55:59.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31329 (GCVE-0-2025-31329)
Vulnerability from cvelistv5 – Published: 2025-05-13 00:16 – Updated: 2025-05-13 13:55
VLAI?
Summary
SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. An attacker with administrative privileges can craft these instructions so that when accessed by the victim, sensitive information such as user credentials is exposed. These credentials may then be used to gain unauthorized access to local or adjacent systems. This results in high impact to Confidentiality, with no significant effect on Integrity or Availability.
Severity ?
6.2 (Medium)
CWE
- CWE-141 - Improper Neutralization of Parameter/Argument Delimiters
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP NetWeaver Application Server ABAP and ABAP Platform |
Affected:
SAP_BASIS 700
Affected: SAP_BASIS 701 Affected: SAP_BASIS 702 Affected: SAP_BASIS 731 Affected: SAP_BASIS 740 Affected: SAP_BASIS 750 Affected: SAP_BASIS 751 Affected: SAP_BASIS 752 Affected: SAP_BASIS 753 Affected: SAP_BASIS 754 Affected: SAP_BASIS 755 Affected: SAP_BASIS 756 Affected: SAP_BASIS 757 Affected: SAP_BASIS 758 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:55:50.794345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:55:58.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP NetWeaver Application Server ABAP and ABAP Platform",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "SAP_BASIS 700"
},
{
"status": "affected",
"version": "SAP_BASIS 701"
},
{
"status": "affected",
"version": "SAP_BASIS 702"
},
{
"status": "affected",
"version": "SAP_BASIS 731"
},
{
"status": "affected",
"version": "SAP_BASIS 740"
},
{
"status": "affected",
"version": "SAP_BASIS 750"
},
{
"status": "affected",
"version": "SAP_BASIS 751"
},
{
"status": "affected",
"version": "SAP_BASIS 752"
},
{
"status": "affected",
"version": "SAP_BASIS 753"
},
{
"status": "affected",
"version": "SAP_BASIS 754"
},
{
"status": "affected",
"version": "SAP_BASIS 755"
},
{
"status": "affected",
"version": "SAP_BASIS 756"
},
{
"status": "affected",
"version": "SAP_BASIS 757"
},
{
"status": "affected",
"version": "SAP_BASIS 758"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. An attacker with administrative privileges can craft these instructions so that when accessed by the victim, sensitive information such as user credentials is exposed. These credentials may then be used to gain unauthorized access to local or adjacent systems. This results in high impact to Confidentiality, with no significant effect on Integrity or Availability.\u003c/p\u003e"
}
],
"value": "SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. An attacker with administrative privileges can craft these instructions so that when accessed by the victim, sensitive information such as user credentials is exposed. These credentials may then be used to gain unauthorized access to local or adjacent systems. This results in high impact to Confidentiality, with no significant effect on Integrity or Availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-141",
"description": "CWE-141: Improper Neutralization of Parameter/Argument Delimiters",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T00:17:19.984Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3577287"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2025-31329",
"datePublished": "2025-05-13T00:16:51.190Z",
"dateReserved": "2025-03-27T23:02:06.906Z",
"dateUpdated": "2025-05-13T13:55:58.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phases:
Description:
- Developers should anticipate that parameter/argument delimiters will be injected/removed/manipulated in the input vectors of their product. Use an appropriate combination of denylists and allowlists to ensure only valid, expected and appropriate input is processed by the system.
Mitigation ID: MIT-5
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation ID: MIT-28
Phase: Implementation
Strategy: Output Encoding
Description:
- While it is risky to use dynamically-generated query strings, code, or commands that mix control and data together, sometimes it may be unavoidable. Properly quote arguments and escape any special characters within those arguments. The most conservative approach is to escape or filter all characters that do not pass an extremely strict allowlist (such as everything that is not alphanumeric or white space). If some special characters are still needed, such as white space, wrap each argument in quotes after the escaping/filtering step. Be careful of argument injection (CWE-88).
Mitigation ID: MIT-20
Phase: Implementation
Strategy: Input Validation
Description:
- Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
No CAPEC attack patterns related to this CWE.