CWE-337
Predictable Seed in Pseudo-Random Number Generator (PRNG)
A Pseudo-Random Number Generator (PRNG) is initialized from a predictable seed, such as the process ID or system time.
CVE-2016-15006 (GCVE-0-2016-15006)
Vulnerability from cvelistv5 – Published: 2023-01-02 07:59 – Updated: 2024-08-06 03:47
Summary
A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. This issue affects the function getSeed of the file main.c of the component Scrambling Table Handler. The manipulation leads to predictable seed in pseudo-random number generator (prng). The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.3 is able to address this issue. The identifier of the patch is 922bf90ca14a681629ba0b807a997a81d70225b5. It is recommended to upgrade the affected component. The identifier VDB-217181 was assigned to this vulnerability.
Severity
3.7 (Low)
CWE
- CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)
Credits
VulDB GitHub Commit Analyzer
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:47:34.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.217181"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.217181"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/pfmonville/enigmaX/commit/922bf90ca14a681629ba0b807a997a81d70225b5"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/pfmonville/enigmaX/releases/tag/2.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Scrambling Table Handler"
],
"product": "enigmaX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in enigmaX up to 2.2. This issue affects the function getSeed of the file main.c of the component Scrambling Table Handler. The manipulation leads to predictable seed in pseudo-random number generator (prng). The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.3 is able to address this issue. The identifier of the patch is 922bf90ca14a681629ba0b807a997a81d70225b5. It is recommended to upgrade the affected component. The identifier VDB-217181 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in enigmaX bis 2.2 entdeckt. Sie wurde als problematisch eingestuft. Es geht hierbei um die Funktion getSeed der Datei main.c der Komponente Scrambling Table Handler. Durch Manipulieren mit unbekannten Daten kann eine predictable seed in pseudo-random number generator (prng)-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig. Ein Aktualisieren auf die Version 2.3 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 922bf90ca14a681629ba0b807a997a81d70225b5 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-337",
"description": "CWE-337 Predictable Seed in Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T09:50:09.346Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.217181"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.217181"
},
{
"tags": [
"patch"
],
"url": "https://github.com/pfmonville/enigmaX/commit/922bf90ca14a681629ba0b807a997a81d70225b5"
},
{
"tags": [
"patch"
],
"url": "https://github.com/pfmonville/enigmaX/releases/tag/2.3"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-01-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-01-02T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-01-02T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-01-26T21:05:30.000Z",
"value": "VulDB entry last update"
}
],
"title": "enigmaX Scrambling Table main.c getSeed prng seed"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2016-15006",
"datePublished": "2023-01-02T07:59:38.347Z",
"dateReserved": "2023-01-02T07:58:00.845Z",
"dateUpdated": "2024-08-06T03:47:34.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28597 (GCVE-0-2020-28597)
Vulnerability from cvelistv5 – Published: 2021-03-03 17:47 – Updated: 2024-08-04 16:40
Summary
A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password of an account of their choice.
Severity
9.8 (Critical)
CWE
- CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:59.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1221"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Epignosis",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Epignosis eFront LMS 5.2.17, Epignosis eFront LMS 5.2.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password of an account of their choice."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-337",
"description": "CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-03T17:47:57",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1221"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2020-28597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Epignosis",
"version": {
"version_data": [
{
"version_value": "Epignosis eFront LMS 5.2.17, Epignosis eFront LMS 5.2.21"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password of an account of their choice."
}
]
},
"impact": {
"cvss": {
"baseScore": 9.8,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1221",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1221"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2020-28597",
"datePublished": "2021-03-03T17:47:57",
"dateReserved": "2020-11-13T00:00:00",
"dateUpdated": "2024-08-04T16:40:59.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26852 (GCVE-0-2022-26852)
Vulnerability from cvelistv5 – Published: 2022-04-08 19:50 – Updated: 2024-09-17 01:16
Summary
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise.
Severity
8.1 (High)
CWE
- CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Dell | PowerScale OneFS | Affected: unspecified, < 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, 9.3.0.x (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:18:37.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PowerScale OneFS",
"vendor": "Dell",
"versions": [
{
"lessThan": "8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x , 9.2.1.x, 9.3.0.x",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-04-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-337",
"description": "CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-08T19:50:32",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilities"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2022-04-04",
"ID": "CVE-2022-26852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PowerScale OneFS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x , 9.2.1.x, 9.3.0.x"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise."
}
]
},
"impact": {
"cvss": {
"baseScore": 8.1,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/kbdoc/en-us/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilities",
"refsource": "MISC",
"url": "https://www.dell.com/support/kbdoc/en-us/000197991/dell-emc-powerscale-onefs-security-update-for-multiple-component-vulnerabilities"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2022-26852",
"datePublished": "2022-04-08T19:50:32.150020Z",
"dateReserved": "2022-03-10T00:00:00",
"dateUpdated": "2024-09-17T01:16:28.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40267 (GCVE-0-2022-40267)
Vulnerability from cvelistv5 – Published: 2023-01-20 07:52 – Updated: 2024-08-03 12:14
Summary
Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/z (x=24,40,60, y=T,R, z=ES,ESS) versions 1.042 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/ES-A (x=24,40,60, y=T,R) versions 1.043 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-xMy/z (x=30,40,60,80, y=T,R, z=ES,ESS) versions 1.003 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU versions 33 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU versions 66 and prior allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers.
Severity
5.9 (Medium)
CWE
- CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5U-32MT/ES | Affected: serial number 17X**** or later, and versions 1.280 and prior; Affected: serial number 179**** and prior, and versions 1.074 and prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:14:39.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1646"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-019_en.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/vu/JVNVU99673580/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-02"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5u-80mt\\/ess_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5u-80mt\\/ess_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5u-32mt\\/dss_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5u-32mt\\/dss_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5u-64mt\\/dss_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5u-64mt\\/dss_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5u-80mt\\/dss_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5u-80mt\\/dss_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/d_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uc-32mt\\/d_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uc-64mt\\/d_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uc-64mt\\/d_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uc-96mt\\/d_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uc-96mt\\/d_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uc-32mt\\/dss_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uc-64mt\\/dss_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uc-64mt\\/dss_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uc-96mt\\/dss_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uc-96mt\\/dss_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/ds-ts_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uc-32mt\\/ds-ts_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uc-32mt\\/dss-ts_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uc-32mt\\/dss-ts_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uc-32mr\\/ds-ts_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uc-32mr\\/ds-ts_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:r00cpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "r00cpu_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:r01cpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "r01cpu_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:r02cpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "r02cpu_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:r04cpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "r04cpu_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:r08cpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "r08cpu_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:r16cpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "r16cpu_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:r32cpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "r32cpu_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:r120cpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "r120cpu_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:r04encpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "r04encpu_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:r08encpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "r08encpu_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:r16encpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "r16encpu_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:r32encpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "r32encpu_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:r120encpu_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "r120encpu_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-24mt\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-40mt\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-60mt\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-24mr\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-24mr\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-40mr\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-40mr\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-60mr\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-60mr\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/ess_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-24mt\\/ess_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/ess_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-40mt\\/ess_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/ess_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-60mt\\/ess_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-24mt\\/es-a_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-24mt\\/es-a_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-40mt\\/es-a_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-40mt\\/es-a_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-60mt\\/es-a_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-60mt\\/es-a_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-24mr\\/es-a_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-24mr\\/es-a_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-40mr\\/es-a_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-40mr\\/es-a_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5uj-60mr\\/es-a_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5uj-60mr\\/es-a_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5s-30mt\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5s-30mt\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5s-40mt\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5s-40mt\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5s-60mt\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5s-60mt\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5s-80mt\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5s-80mt\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5s-30mr\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5s-30mr\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5s-40mr\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5s-40mr\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5s-60mr\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5s-60mr\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5s-80mr\\/es_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5s-80mr\\/es_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5s-30mt\\/ess_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5s-30mt\\/ess_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5s-40mt\\/ess_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5s-40mt\\/ess_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5s-60mt\\/ess_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5s-60mt\\/ess_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:mitsubishielectric:fx5s-80mt\\/ess_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fx5s-80mt\\/ess_firmware",
"vendor": "mitsubishielectric",
"versions": [
{
"lessThanOrEqual": "1.042",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-40267",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T16:29:24.302691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T17:23:35.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-32MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-64MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Seres FX5U-80MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-32MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-64MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-80MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-32MT/DS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-64MT/DS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-80MT/DS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-32MR/DS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-64MR/DS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-80MR/DS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-32MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-64MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-80MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-32MT/DSS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-64MT/DSS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5U-80MT/DSS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UC-32MT/D",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UC-64MT/D",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UC-96MT/D",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UC-32MT/DSS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UC-64MT/DSS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UC-96MT/DSS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "serial number 17X**** or later, and versions 1.280 and prior"
},
{
"status": "affected",
"version": "serial number 179**** and prior, and versions 1.074 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UC-32MT/DS-TS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 1.280 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UC-32MT/DSS-TS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 1.280 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UC-32MR/DS-TS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 1.280 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R00CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 33 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R01CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 33 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R02CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 33 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R04CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 66 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R08CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 66 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R16CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 66 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R32CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 66 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R120CPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 66 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R04ENCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 66 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R08ENCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 66 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R16ENCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 66 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R32ENCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 66 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-R Series R120ENCPU",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "versions 66 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-24MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.042 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-40MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.042 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-60MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.042 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-24MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.042 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-40MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.042 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-60MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.042 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-24MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.042 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-40MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.042 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-60MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.042 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-24MT/ES-A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.043 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-40MT/ES-A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.043 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-60MT/ES-A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.043 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-24MR/ES-A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.043 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-40MR/ES-A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.043 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5UJ-60MR/ES-A",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.043 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-30MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.003 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-40MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.003 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-60MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.003 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-80MT/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.003 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-30MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.003 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-40MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.003 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-60MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.003 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-80MR/ES",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.003 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-30MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.003 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-40MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.003 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-60MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.003 and prior"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MELSEC iQ-F Series FX5S-80MT/ESS",
"vendor": "Mitsubishi Electric Corporation",
"versions": [
{
"status": "affected",
"version": "1.003 and prior"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/z (x=24,40,60, y=T,R, z=ES,ESS) versions 1.042 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/ES-A (x=24,40,60, y=T,R) versions 1.043 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-xMy/z (x=30,40,60,80, y=T,R, z=ES,ESS) versions 1.003 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU versions 33 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU versions 66 and prior allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers."
}
],
"value": "Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/z (x=24,40,60, y=T,R, z=ES,ESS) versions 1.042 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/ES-A (x=24,40,60, y=T,R) versions 1.043 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-xMy/z (x=30,40,60,80, y=T,R, z=ES,ESS) versions 1.003 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU versions 33 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU versions 66 and prior allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-337",
"description": "CWE-337 Predictable Seed in Pseudo-Random Number Generator (PRNG) ",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T03:55:27.038Z",
"orgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"shortName": "Mitsubishi"
},
"references": [
{
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-019_en.pdf"
},
{
"url": "https://jvn.jp/vu/JVNVU99673580/index.html"
},
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-02"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authentication Bypass Vulnerability in Web Server Function on MELSEC Series",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e0f77b61-78fd-4786-b3fb-1ee347a748ad",
"assignerShortName": "Mitsubishi",
"cveId": "CVE-2022-40267",
"datePublished": "2023-01-20T07:52:56.784Z",
"dateReserved": "2022-09-08T19:40:16.931Z",
"dateUpdated": "2024-08-03T12:14:39.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49343 (GCVE-0-2023-49343)
Vulnerability from cvelistv5 – Published: 2023-12-14 21:31 – Updated: 2024-08-02 21:53
Summary
Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.
Severity
6 (Medium)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Ubuntu Budgie | Budgie Extras | Affected: v1.4.0, < v1.7.1 (semver) |
Credits
Sam Lane
David Mohammed
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:44.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/UbuntuBudgie/budgie-extras/security/advisories/GHSA-27g2-7x65-3cc5"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-6556-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49343"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "budgie-extras",
"platforms": [
"Linux"
],
"product": "Budgie Extras",
"vendor": "Ubuntu Budgie",
"versions": [
{
"lessThan": "v1.7.1",
"status": "affected",
"version": "v1.4.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "Sam Lane"
},
{
"lang": "en",
"type": "remediation verifier",
"value": "David Mohammed"
}
],
"datePublic": "2023-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-337",
"description": "CWE-337",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-668",
"description": "CWE-668",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-14T21:31:00.844Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/UbuntuBudgie/budgie-extras/security/advisories/GHSA-27g2-7x65-3cc5"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-6556-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49343"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2023-49343",
"datePublished": "2023-12-14T21:31:00.844Z",
"dateReserved": "2023-11-27T03:17:52.865Z",
"dateUpdated": "2024-08-02T21:53:44.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22194 (GCVE-0-2024-22194)
Vulnerability from cvelistv5 – Published: 2024-01-11 02:21 – Updated: 2025-06-03 14:25
Summary
cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`.
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cyber-Domain-Ontology | CDO-Utility-Local-UUID | Affected: = 0.4.0, = 0.5.0, = 0.6.0, = 0.7.0, = 0.8.0, = 0.9.0, = 0.10.0, = 0.11.0, = 0.12.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.933Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisories/GHSA-rgrf-6mf5-m882",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisories/GHSA-rgrf-6mf5-m882"
},
{
"name": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3"
},
{
"name": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4"
},
{
"name": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1075728d0aafc918514f32a1392cd235",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1075728d0aafc918514f32a1392cd235"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882dd1a74915d32e939c25f9",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882dd1a74915d32e939c25f9"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f6490efa0fbf5c82ebd6b",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f6490efa0fbf5c82ebd6b"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/5acb929dfb599709d1c8c90d1824dd79e0fd9e10",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/5acb929dfb599709d1c8c90d1824dd79e0fd9e10"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/7e02d18383eabbeb9fb4ec97d81438c9980a4790",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/7e02d18383eabbeb9fb4ec97d81438c9980a4790"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/80551f49241c874c7c50e14abe05c5017630dad2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/80551f49241c874c7c50e14abe05c5017630dad2"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/939775f956796d0432ecabbf62782ed7ad1007b5",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/939775f956796d0432ecabbf62782ed7ad1007b5"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9d",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9d"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/e4ffadc3d56fd303b8f465d727c4a58213d311a1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/e4ffadc3d56fd303b8f465d727c4a58213d311a1"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/fca7388f09feccd3b9ea88e6df9c7a43a5349452",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/fca7388f09feccd3b9ea88e6df9c7a43a5349452"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/fdc32414eccfcbde6be0fd91b7f491cc0779b02d#diff-e60b9cb8fb480ed27283a030a0898be3475992d78228f4045b12ce5cbb2f0509",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/fdc32414eccfcbde6be0fd91b7f491cc0779b02d#diff-e60b9cb8fb480ed27283a030a0898be3475992d78228f4045b12ce5cbb2f0509"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22194",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T20:11:54.538835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:25:30.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CDO-Utility-Local-UUID",
"vendor": "Cyber-Domain-Ontology",
"versions": [
{
"status": "affected",
"version": "= 0.4.0"
},
{
"status": "affected",
"version": "= 0.5.0"
},
{
"status": "affected",
"version": "= 0.6.0"
},
{
"status": "affected",
"version": "= 0.7.0"
},
{
"status": "affected",
"version": "= 0.8.0"
},
{
"status": "affected",
"version": "= 0.9.0"
},
{
"status": "affected",
"version": "= 0.10.0"
},
{
"status": "affected",
"version": "= 0.11.0"
},
{
"status": "affected",
"version": "= 0.12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`. "
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-215",
"description": "CWE-215: Insertion of Sensitive Information Into Debugging Code",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-337",
"description": "CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-11T02:21:53.758Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisories/GHSA-rgrf-6mf5-m882",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisories/GHSA-rgrf-6mf5-m882"
},
{
"name": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3"
},
{
"name": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4"
},
{
"name": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1075728d0aafc918514f32a1392cd235",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1075728d0aafc918514f32a1392cd235"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882dd1a74915d32e939c25f9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882dd1a74915d32e939c25f9"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f6490efa0fbf5c82ebd6b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f6490efa0fbf5c82ebd6b"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/5acb929dfb599709d1c8c90d1824dd79e0fd9e10",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/5acb929dfb599709d1c8c90d1824dd79e0fd9e10"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/7e02d18383eabbeb9fb4ec97d81438c9980a4790",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/7e02d18383eabbeb9fb4ec97d81438c9980a4790"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/80551f49241c874c7c50e14abe05c5017630dad2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/80551f49241c874c7c50e14abe05c5017630dad2"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/939775f956796d0432ecabbf62782ed7ad1007b5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/939775f956796d0432ecabbf62782ed7ad1007b5"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9d"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/e4ffadc3d56fd303b8f465d727c4a58213d311a1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/e4ffadc3d56fd303b8f465d727c4a58213d311a1"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/fca7388f09feccd3b9ea88e6df9c7a43a5349452",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/fca7388f09feccd3b9ea88e6df9c7a43a5349452"
},
{
"name": "https://github.com/casework/CASE-Utilities-Python/commit/fdc32414eccfcbde6be0fd91b7f491cc0779b02d#diff-e60b9cb8fb480ed27283a030a0898be3475992d78228f4045b12ce5cbb2f0509",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/casework/CASE-Utilities-Python/commit/fdc32414eccfcbde6be0fd91b7f491cc0779b02d#diff-e60b9cb8fb480ed27283a030a0898be3475992d78228f4045b12ce5cbb2f0509"
}
],
"source": {
"advisory": "GHSA-rgrf-6mf5-m882",
"discovery": "UNKNOWN"
},
"title": "cdo-local-uuid vulnerable to insertion of artifact derived from developer\u0027s Present Working Directory into demonstration code"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-22194",
"datePublished": "2024-01-11T02:21:53.758Z",
"dateReserved": "2024-01-08T04:59:27.371Z",
"dateUpdated": "2025-06-03T14:25:30.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7558 (GCVE-0-2024-7558)
Vulnerability from cvelistv5 – Published: 2024-10-02 10:06 – Updated: 2024-10-02 13:59
Summary
JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm.
Severity
8.7 (High)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Canonical Ltd. | Juju | Affected: 3.5, < 3.5.4 (semver); 3.4, < 3.4.6 (semver); 3.3, < 3.3.7 (semver); 3.1, < 3.1.10 (semver); 2.9, < 2.9.51 (semver) |
Credits
Harry Pidcock (finder)
Harry Pidcock (remediation developer)
Mark Esler (coordinator)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7558",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T13:58:28.823188Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T13:59:04.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "juju",
"platforms": [
"Linux"
],
"product": "Juju",
"repo": "https://github.com/juju/juju",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "3.5.4",
"status": "affected",
"version": "3.5",
"versionType": "semver"
},
{
"lessThan": "3.4.6",
"status": "affected",
"version": "3.4",
"versionType": "semver"
},
{
"lessThan": "3.3.7",
"status": "affected",
"version": "3.3",
"versionType": "semver"
},
{
"lessThan": "3.1.10",
"status": "affected",
"version": "3.1",
"versionType": "semver"
},
{
"lessThan": "2.9.51",
"status": "affected",
"version": "2.9",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Harry Pidcock"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Harry Pidcock"
},
{
"lang": "en",
"type": "coordinator",
"value": "Mark Esler"
}
],
"descriptions": [
{
"lang": "en",
"value": "JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user in the same network namespace can connect to an abstract domain socket and guess the JUJU_CONTEXT_ID value. This gives the unprivileged user access to the same information and tools as the Juju charm."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-337",
"description": "CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-340",
"description": "CWE-340: Generation of Predictable Numbers or Identifiers",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1391",
"description": "CWE-1391: Use of Weak Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T10:06:31.098Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/juju/juju/security/advisories/GHSA-mh98-763h-m9v4"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7558"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-7558",
"datePublished": "2024-10-02T10:06:31.098Z",
"dateReserved": "2024-08-06T13:45:13.579Z",
"dateUpdated": "2024-10-02T13:59:04.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20613 (GCVE-0-2025-20613)
Vulnerability from cvelistv5 – Published: 2025-08-12 16:58 – Updated: 2025-08-12 19:22
Summary
Predictable Seed in Pseudo-Random Number Generator (PRNG) in the firmware for some Intel(R) TDX may allow an authenticated user to potentially enable information disclosure via local access.
CWE
- Information Disclosure
- CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| n/a | Intel(R) TDX | Affected: See references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20613",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T19:22:09.607908Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T19:22:19.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) TDX",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Predictable Seed in Pseudo-Random Number Generator (PRNG) in the firmware for some Intel(R) TDX may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en"
},
{
"cweId": "CWE-337",
"description": "Predictable Seed in Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T16:58:20.129Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01312.html",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01312.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2025-20613",
"datePublished": "2025-08-12T16:58:20.129Z",
"dateReserved": "2025-01-08T04:00:28.773Z",
"dateUpdated": "2025-08-12T19:22:19.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-55069 (GCVE-0-2025-55069)
Vulnerability from cvelistv5 – Published: 2025-09-23 22:15 – Updated: 2025-09-24 14:07
Summary
A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-random number generator, which compromises the security of the generated private keys.
CWE
- CWE-337 - Predictable Seed in Pseudo-Random Number Generator
Impacted products
| Vendor | Product | Version |
|---|---|---|
| AutomationDirect | CLICK PLUS C0-0x CPU firmware | Affected: 0, < v3.71 (custom) |
Credits
Luca Borzacchiello and Diego Zaffaroni of Nozomi Networks reported these vulnerabilities to Automation Direct.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55069",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T14:06:23.215875Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T14:07:59.115Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CLICK PLUS C0-0x CPU firmware",
"vendor": "AutomationDirect",
"versions": [
{
"lessThan": "v3.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CLICK PLUS C0-1x CPU firmware",
"vendor": "AutomationDirect",
"versions": [
{
"lessThan": "v3.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CLICK PLUS C2-x CPU firmware",
"vendor": "AutomationDirect",
"versions": [
{
"lessThan": "v3.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Luca Borzacchiello and Diego Zaffaroni of Nozomi Networks reported these vulnerabilities to Automation Direct."
}
],
"datePublic": "2025-09-23T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-random number generator, which compromises the security of the generated private keys.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-random number generator, which compromises the security of the generated private keys."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-337",
"description": "CWE-337 Predictable Seed in Pseudo-Random Number Generator",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T22:15:46.833Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-266-01"
},
{
"url": "https://www.automationdirect.com/support/software-downloads"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAutomationDirect recommends that users update CLICK PLUS and firmware to \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.automationdirect.com/support/software-downloads\"\u003eV3.80.\u003c/a\u003e\u003c/p\u003e\u003cp\u003eIf the update cannot be applied right away, the following compensating controls are recommended until the upgrade can be performed:\u003c/p\u003e\u003cul\u003e\u003cli\u003eNetwork Isolation \u2013 Disconnect the CLICK PLUS PLC from external networks (e.g., the internet or corporate LAN) to reduce exposure.\u003c/li\u003e\u003cli\u003eSecure Communications \u2013 Use only trusted, dedicated internal networks or air-gapped systems for device communication.\u003c/li\u003e\u003cli\u003eAccess Control \u2013 Restrict both physical and logical access to authorized personnel only.\u003c/li\u003e\u003cli\u003eApplication Whitelisting \u2013 Configure whitelisting so that only trusted, pre-approved applications are allowed to run. Block any unauthorized software.\u003c/li\u003e\u003cli\u003eEndpoint Protection \u2013 Use antivirus or EDR tools and configure host-based firewalls to block unauthorized access attempts.\u003c/li\u003e\u003cli\u003eLogging \u0026amp; Monitoring \u2013 Enable and regularly review system logs to detect suspicious or unauthorized activity.\u003c/li\u003e\u003cli\u003eBackup \u0026amp; Recovery \u2013 Maintain secure, tested backups of the PLC and its configurations to minimize downtime in case of an incident.\u003c/li\u003e\u003cli\u003eOngoing Risk Assessment \u2013 Continuously evaluate risks associated with running outdated firmware and adjust compensating measures accordingly.\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "AutomationDirect recommends that users update CLICK PLUS and firmware to V3.80. https://www.automationdirect.com/support/software-downloads \n\nIf the update cannot be applied right away, the following compensating controls are recommended until the upgrade can be performed:\n\n * Network Isolation \u2013 Disconnect the CLICK PLUS PLC from external networks (e.g., the internet or corporate LAN) to reduce exposure.\n * Secure Communications \u2013 Use only trusted, dedicated internal networks or air-gapped systems for device communication.\n * Access Control \u2013 Restrict both physical and logical access to authorized personnel only.\n * Application Whitelisting \u2013 Configure whitelisting so that only trusted, pre-approved applications are allowed to run. Block any unauthorized software.\n * Endpoint Protection \u2013 Use antivirus or EDR tools and configure host-based firewalls to block unauthorized access attempts.\n * Logging \u0026 Monitoring \u2013 Enable and regularly review system logs to detect suspicious or unauthorized activity.\n * Backup \u0026 Recovery \u2013 Maintain secure, tested backups of the PLC and its configurations to minimize downtime in case of an incident.\n * Ongoing Risk Assessment \u2013 Continuously evaluate risks associated with running outdated firmware and adjust compensating measures accordingly."
}
],
"source": {
"advisory": "ICSA-25-266-01",
"discovery": "EXTERNAL"
},
"title": "AutomationDirect CLICK PLUS Predictable Seed in Pseudo-Random Number Generator",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-55069",
"datePublished": "2025-09-23T22:15:46.833Z",
"dateReserved": "2025-09-16T20:09:26.643Z",
"dateUpdated": "2025-09-24T14:07:59.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62710 (GCVE-0-2025-62710)
Vulnerability from cvelistv5 – Published: 2025-10-22 22:19 – Updated: 2025-10-24 18:28
Summary
Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password (serverSecretKey) using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted from limited state/seed information (e.g., start time window), substantially reducing the effective search space of the generated key. An attacker who can obtain ciphertexts (e.g., exported or at‑rest strings protected by this service) and approximate the PRNG seed can feasibly reconstruct the serverSecretKey and decrypt affected data. SAK-49866 is patched in Sakai 23.5, 25.0, and trunk.
Severity
5.9 (Medium)
CWE
- CWE-337 - Predictable Seed in Pseudo-Random Number Generator (PRNG)
Impacted products
| Vendor | Product | Version |
|---|---|---|
| sakaiproject | sakai | Affected: < 23.5; < 25.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62710",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T15:37:06.777893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T15:38:10.508Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sakai",
"vendor": "sakaiproject",
"versions": [
{
"status": "affected",
"version": "\u003c 23.5"
},
{
"status": "affected",
"version": "\u003c 25.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password (serverSecretKey) using RandomStringUtils with the default java.util.Random. java.util.Random is a non\u2011cryptographic PRNG and can be predicted from limited state/seed information (e.g., start time window), substantially reducing the effective search space of the generated key. An attacker who can obtain ciphertexts (e.g., exported or at\u2011rest strings protected by this service) and approximate the PRNG seed can feasibly reconstruct the serverSecretKey and decrypt affected data. SAK-49866 is patched in Sakai 23.5, 25.0, and trunk."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-337",
"description": "CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-24T18:28:07.317Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/sakaiproject/sakai/security/advisories/GHSA-gr7h-xw4f-wh86",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sakaiproject/sakai/security/advisories/GHSA-gr7h-xw4f-wh86"
},
{
"name": "https://github.com/sakaiproject/sakai/commit/bde070104b1de01f4a6458dca6d9e0880a0e3c04",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sakaiproject/sakai/commit/bde070104b1de01f4a6458dca6d9e0880a0e3c04"
}
],
"source": {
"advisory": "GHSA-gr7h-xw4f-wh86",
"discovery": "UNKNOWN"
},
"title": "Sakai kernel-impl: predictable PRNG used to generate server\u2011side encryption key in EncryptionUtilityServiceImpl"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62710",
"datePublished": "2025-10-22T22:19:21.106Z",
"dateReserved": "2025-10-20T19:41:22.739Z",
"dateUpdated": "2025-10-24T18:28:07.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phases:
Description:
- Use non-predictable inputs for seed generation.
Mitigation ID: MIT-2
Phases: Architecture and Design, Requirements
Strategy: Libraries or Frameworks
Description:
- Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems, or use the more recent FIPS 140-3 [REF-1192] if possible.
Mitigation ID: MIT-50
Phase: Implementation
Description:
- Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block.
No CAPEC attack patterns related to this CWE.