CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
CVE-2024-36509 (GCVE-0-2024-36509)
Vulnerability from cvelistv5 – Published: 2024-11-12 18:53 – Updated: 2024-11-12 20:40
- CWE-497 - Information disclosure
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T20:40:06.803621Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T20:40:18.997Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [],
"defaultStatus": "unaffected",
"product": "FortiWeb",
"vendor": "Fortinet",
"versions": [
{
"status": "affected",
"version": "7.6.0"
},
{
"lessThanOrEqual": "7.4.3",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.10",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.10",
"status": "affected",
"version": "7.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.3.23",
"status": "affected",
"version": "6.3.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted passwords of other administrators via the \"Log Access Event\" logs page."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N/E:P/RL:U/RC:R",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "Information disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T18:53:57.238Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-180",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-180"
}
],
"solutions": [
{
"lang": "en",
"value": "Please upgrade to FortiWeb version 7.6.1 or above \nPlease upgrade to FortiWeb version 7.4.4 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2024-36509",
"datePublished": "2024-11-12T18:53:57.238Z",
"dateReserved": "2024-05-29T08:44:50.760Z",
"dateUpdated": "2024-11-12T20:40:18.997Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37070 (GCVE-0-2024-37070)
Vulnerability from cvelistv5 – Published: 2024-11-19 19:24 – Updated: 2025-01-26 16:01
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
| Vendor | Product | Version | CPE |
|---|---|---|---|
| IBM | Concert Software | Affected: 1.0.0, 1.0.1, 1.0.2, 1.0.2.1 | cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:concert:1.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:concert:1.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:concert:1.0.2.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37070",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T20:06:23.761990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T20:06:38.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:concert:1.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:concert:1.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:concert:1.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:concert:1.0.2.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Concert Software",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.0.0, 1.0.1, 1.0.2, 1.0.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system."
}
],
"value": "IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-26T16:01:56.431Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7176346"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Concert Software information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-37070",
"datePublished": "2024-11-19T19:24:02.919Z",
"dateReserved": "2024-06-02T15:43:57.553Z",
"dateUpdated": "2025-01-26T16:01:56.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37526 (GCVE-0-2024-37526)
Vulnerability from cvelistv5 – Published: 2025-01-27 21:53 – Updated: 2025-01-28 15:18
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
| Vendor | Product | Version | CPE |
|---|---|---|---|
| IBM | Data Virtualization | Affected: 1.8, 2.0, 2.1, 2.2, 3.0.0 | cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:1.8.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:3.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37526",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T14:53:28.695960Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T15:18:54.854Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:1.8.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.1.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:2.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:data_virtualization_on_cloud_pak_for_data:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Data Virtualization",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "1.8, 2.0, 2.1, 2.2, 3.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization\u0026nbsp;1.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism."
}
],
"value": "IBM Watson Query on Cloud Pak for Data (IBM Data Virtualization\u00a01.8, 2.0, 2.1, 2.2, and 3.0.0) could allow an authenticated user to obtain sensitive information from objects published using Watson Query due to an improper data protection mechanism."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T21:53:04.621Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7173774"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Watson Query on Cloud Pak for Data information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-37526",
"datePublished": "2025-01-27T21:53:04.621Z",
"dateReserved": "2024-06-09T13:59:02.606Z",
"dateUpdated": "2025-01-28T15:18:54.854Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3774 (GCVE-0-2024-3774)
Vulnerability from cvelistv5 – Published: 2024-04-15 02:14 – Updated: 2024-10-18 15:44
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-7724-c28d3-1.html | third-party-advisory |

| Vendor | Product | Version | CPE |
|---|---|---|---|
| aEnrich Technology | a+HRD | Affected: 6.8; Affected: 7.0, ≤ 7.2 (custom) | |
| aenrich | a\+hrd | Affected: 6.8; Affected: 7.0, ≤ 7.2 (custom) | cpe:2.3:a:aenrich:a\+hrd:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:01.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7724-c28d3-1.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:aenrich:a\\+hrd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "a\\+hrd",
"vendor": "aenrich",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThanOrEqual": "7.2",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3774",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T15:19:48.388986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T15:44:24.362Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "a+HRD",
"vendor": "aEnrich Technology",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThanOrEqual": "7.2",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-04-15T02:12:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "aEnrich Technology a+HRD\u0027s functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values."
}
],
"value": "aEnrich Technology a+HRD\u0027s functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-14T06:15:36.057Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7724-c28d3-1.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eto\u003c/span\u003e\n\n eHRD to 6.8.1039V1055 or later version\u003cbr\u003eUpdate\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eto\u003c/span\u003e\n\n eHRD to 7.0.1141V422 or later version\u003cbr\u003eUpdate\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eto\u003c/span\u003e\n\n eHRD to 7.1.1033V429 or later version \u003cbr\u003eUpdate\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;to\u003c/span\u003e\n\n eHRD to 7.2.1061V36 or later version"
}
],
"value": "Update\nto\n\n eHRD to 6.8.1039V1055 or later version\nUpdate\nto\n\n eHRD to 7.0.1141V422 or later version\nUpdate\nto\n\n eHRD to 7.1.1033V429 or later version \nUpdate\u00a0to\n\n eHRD to 7.2.1061V36 or later version"
}
],
"source": {
"advisory": "TVN-202404001",
"discovery": "EXTERNAL"
},
"title": "aEnrich Technology a+HRD - Exposure of Sensitive Data",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-3774",
"datePublished": "2024-04-15T02:14:39.724Z",
"dateReserved": "2024-04-15T01:56:13.197Z",
"dateUpdated": "2024-10-18T15:44:24.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39675 (GCVE-0-2024-39675)
Vulnerability from cvelistv5 – Published: 2024-07-09 12:05 – Updated: 2025-08-27 20:42
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
| Vendor | Product | Version | CPE |
|---|---|---|---|
| Siemens | RUGGEDCOM RMC30 | Affected: 0, < V4.3.10 (custom) | |
| Siemens | RUGGEDCOM RMC30NC | Affected: 0, < V4.3.10 (custom) | |
| Siemens | RUGGEDCOM RP110 | Affected: 0, < V4.3.10 (custom) | |
| Siemens | RUGGEDCOM RP110NC | Affected: 0, < V4.3.10 (custom) | |
| Siemens | RUGGEDCOM RS400 | Affected: 0, < V4.3.10 (custom) | |
| Siemens | RUGGEDCOM RS400NC | Affected: 0, < V4.3.10 (custom) | |
| Siemens | RUGGEDCOM RS401 | Affected: 0, < V4.3.10 (custom) | |
| Siemens | RUGGEDCOM RS401NC | Affected: 0, < V4.3.10 (custom) | |
| Siemens | RUGGEDCOM RS416 | Affected: 0, < V4.3.10 (custom) | |
| Siemens | RUGGEDCOM RS416NC | Affected: 0, < V4.3.10 (custom) | |
| Siemens | RUGGEDCOM RS416NCv2 V4.X | Affected: 0, < V4.3.10 (custom) | |
| Siemens | RUGGEDCOM RS416NCv2 V5.X | Affected: 0, < V5.9.0 (custom) | |
| Siemens | RUGGEDCOM RS416P | Affected: 0, < V4.3.10 (custom) | |
| Siemens | RUGGEDCOM RS416PNC | Affected: 0, < V4.3.10 (custom) | |
| Siemens | RUGGEDCOM RS416PNCv2 V4.X | Affected: 0, < V4.3.10 (custom) | |
| Siemens | RUGGEDCOM RS416PNCv2 V5.X | Affected: 0, < V5.9.0 (custom) | |
| Siemens | RUGGEDCOM RS416Pv2 V4.X | Affected: 0, < V4.3.10 (custom) | |
| Siemens | RUGGEDCOM RS416Pv2 V5.X | Affected: 0, < V5.9.0 (custom) | |
| Siemens | RUGGEDCOM RS416v2 V4.X | Affected: 0, < V4.3.10 (custom) | |
| Siemens | RUGGEDCOM RS416v2 V5.X | Affected: 0, < V5.9.0 (custom) | |
| Siemens | RUGGEDCOM RS910 | Affected: 0, < V4.3.10 (custom) | |
| Siemens | RUGGEDCOM RS910L | Affected: 0, < * (custom) | |
| Siemens | RUGGEDCOM RS910LNC | Affected: 0, < * (custom) | |
| Siemens | RUGGEDCOM RS910NC | Affected: 0, < V4.3.10 (custom) | |
| Siemens | RUGGEDCOM RS910W | Affected: 0, < V4.3.10 (custom) | |
| Siemens | RUGGEDCOM RS920L | Affected: 0, < * (custom) | |
| Siemens | RUGGEDCOM RS920LNC | Affected: 0, < * (custom) | |
| Siemens | RUGGEDCOM RS920W | Affected: 0, < * (custom) | |
| siemens | ruggedcom_ros_rmc30 | Affected: 0, < 4.3.10 (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rmc30:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_ros_rmc30nc | Affected: 0, < 4.3.10 (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rmc30nc:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_ros_rp110 | Affected: 0, < 4.3.10 (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rp110:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_ros_rp110nc | Affected: 0, < 4.3.10 (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rp110nc:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_ros_rs400 | Affected: 0, < 4.3.10 (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rs400:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_ros_rs400nc | Affected: 0, < 4.3.10 (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rs400nc:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_ros_rs401 | Affected: 0, < 4.3.10 (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rs401:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_ros_rs401nc | Affected: 0, < 4.3.10 (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rs401nc:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_ros_rs416 | Affected: 0, < 4.3.10 (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rs416:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_ros_rs416nc | Affected: 0, < 4.3.10 (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rs416nc:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_ros_rs416ncv2 | Affected: 0, < 4.3.10 (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rs416ncv2:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_ros_rs416ncv2 | Affected: 0, < 5.9.0 (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rs416ncv2:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_ros_rs416p | Affected: 0, < 4.3.10 (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rs416p:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_ros_rs416pnc | Affected: 0, < 4.3.10 (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rs416pnc:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_ros_rs416pncv2 | Affected: 0, < 5.9.0 (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rs416pncv2:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_ros_rs416pncv2 | Affected: 0, < 4.3.10 (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rs416pncv2:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_ros_rs416pv2 | Affected: 0, < 4.3.10 (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rs416pv2:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_ros_rs416pv2 | Affected: 0, < 5.9.0 (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rs416pv2:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_ros_rs416v2 | Affected: 0, < 4.3.10 (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rs416v2:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_ros_rs416v2 | Affected: 0, < 5.9.0 (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rs416v2:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_ros_rs910 | Affected: 0, < 4.3.10 (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rs910:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_ros_rs910l | Affected: 0, < * (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rs910l:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_ros_rs920l | Affected: 0, < * (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rs920l:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_ros_rs910lnc | Affected: 0, < * (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rs910lnc:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_ros_rs910nc | Affected: 0, < 4.3.10 (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rs910nc:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_ros_rs920lnc | Affected: 0, < * (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rs920lnc:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_ros_rs910w | Affected: 0, < 4.3.10 (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rs910w:*:*:*:*:*:*:*:* |
| siemens | ruggedcom_ros_rs920w | Affected: 0, < * (custom) | cpe:2.3:o:siemens:ruggedcom_ros_rs920w:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rmc30:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rmc30",
"vendor": "siemens",
"versions": [
{
"lessThan": "4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rmc30nc:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rmc30nc",
"vendor": "siemens",
"versions": [
{
"lessThan": "4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rp110:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rp110",
"vendor": "siemens",
"versions": [
{
"lessThan": "4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rp110nc:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rp110nc",
"vendor": "siemens",
"versions": [
{
"lessThan": "4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rs400:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rs400",
"vendor": "siemens",
"versions": [
{
"lessThan": "4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rs400nc:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rs400nc",
"vendor": "siemens",
"versions": [
{
"lessThan": "4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rs401:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rs401",
"vendor": "siemens",
"versions": [
{
"lessThan": "4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rs401nc:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rs401nc",
"vendor": "siemens",
"versions": [
{
"lessThan": "4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rs416:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rs416",
"vendor": "siemens",
"versions": [
{
"lessThan": "4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rs416nc:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rs416nc",
"vendor": "siemens",
"versions": [
{
"lessThan": "4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rs416ncv2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rs416ncv2",
"vendor": "siemens",
"versions": [
{
"lessThan": "4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rs416ncv2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rs416ncv2",
"vendor": "siemens",
"versions": [
{
"lessThan": "5.9.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rs416p:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rs416p",
"vendor": "siemens",
"versions": [
{
"lessThan": "4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rs416pnc:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rs416pnc",
"vendor": "siemens",
"versions": [
{
"lessThan": "4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rs416pncv2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rs416pncv2",
"vendor": "siemens",
"versions": [
{
"lessThan": "5.9.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rs416pncv2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rs416pncv2",
"vendor": "siemens",
"versions": [
{
"lessThan": "4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rs416pv2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rs416pv2",
"vendor": "siemens",
"versions": [
{
"lessThan": "4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rs416pv2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rs416pv2",
"vendor": "siemens",
"versions": [
{
"lessThan": "5.9.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rs416v2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rs416v2",
"vendor": "siemens",
"versions": [
{
"lessThan": "4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rs416v2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rs416v2",
"vendor": "siemens",
"versions": [
{
"lessThan": "5.9.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rs910:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rs910",
"vendor": "siemens",
"versions": [
{
"lessThan": "4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rs910l:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rs910l",
"vendor": "siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rs920l:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rs920l",
"vendor": "siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rs910lnc:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rs910lnc",
"vendor": "siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rs910nc:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rs910nc",
"vendor": "siemens",
"versions": [
{
"lessThan": "4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rs920lnc:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rs920lnc",
"vendor": "siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rs910w:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rs910w",
"vendor": "siemens",
"versions": [
{
"lessThan": "4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_ros_rs920w:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_ros_rs920w",
"vendor": "siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T13:14:06.893152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:42:56.043Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:16.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-170375.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RMC30",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RMC30NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RP110",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RP110NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS400NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS401",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS401NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416NCv2 V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416NCv2 V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.9.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416PNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416PNCv2 V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416PNCv2 V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.9.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416Pv2 V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416Pv2 V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.9.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416v2 V4.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS416v2 V5.X",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.9.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS910",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS910L",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS910LNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS910NC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS910W",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.3.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS920L",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS920LNC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RS920W",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM RMC30 (All versions \u003c V4.3.10), RUGGEDCOM RMC30NC (All versions \u003c V4.3.10), RUGGEDCOM RP110 (All versions \u003c V4.3.10), RUGGEDCOM RP110NC (All versions \u003c V4.3.10), RUGGEDCOM RS400 (All versions \u003c V4.3.10), RUGGEDCOM RS400NC (All versions \u003c V4.3.10), RUGGEDCOM RS401 (All versions \u003c V4.3.10), RUGGEDCOM RS401NC (All versions \u003c V4.3.10), RUGGEDCOM RS416 (All versions \u003c V4.3.10), RUGGEDCOM RS416NC (All versions \u003c V4.3.10), RUGGEDCOM RS416NCv2 V4.X (All versions \u003c V4.3.10), RUGGEDCOM RS416NCv2 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS416P (All versions \u003c V4.3.10), RUGGEDCOM RS416PNC (All versions \u003c V4.3.10), RUGGEDCOM RS416PNCv2 V4.X (All versions \u003c V4.3.10), RUGGEDCOM RS416PNCv2 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS416Pv2 V4.X (All versions \u003c V4.3.10), RUGGEDCOM RS416Pv2 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS416v2 V4.X (All versions \u003c V4.3.10), RUGGEDCOM RS416v2 V5.X (All versions \u003c V5.9.0), RUGGEDCOM RS910 (All versions \u003c V4.3.10), RUGGEDCOM RS910L (All versions), RUGGEDCOM RS910LNC (All versions), RUGGEDCOM RS910NC (All versions \u003c V4.3.10), RUGGEDCOM RS910W (All versions \u003c V4.3.10), RUGGEDCOM RS920L (All versions), RUGGEDCOM RS920LNC (All versions), RUGGEDCOM RS920W (All versions). In some configurations the affected products wrongly enable the Modbus service in non-managed VLANS. Only serial devices are affected by this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T12:05:18.310Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-170375.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-39675",
"datePublished": "2024-07-09T12:05:18.310Z",
"dateReserved": "2024-06-27T11:41:41.875Z",
"dateUpdated": "2025-08-27T20:42:56.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39740 (GCVE-0-2024-39740)
Vulnerability from cvelistv5 – Published: 2024-07-15 02:11 – Updated: 2024-08-02 04:26
- CWE-497 - Exposure of System Data to an Unauthorized Control Sphere

| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7160185 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entry |

| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Datacap Navigator | Affected: 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9 cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:* cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:* | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39740",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T15:53:06.657396Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T15:53:37.563Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:datacap:9.1.5:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.6:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.7:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.8:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:datacap:9.1.9:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Datacap Navigator",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. IBM X-Force ID: 296009."
}
],
"value": "IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system. IBM X-Force ID: 296009."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of System Data to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T02:11:20.973Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7160185"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/296009"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Datacap Navigator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-39740",
"datePublished": "2024-07-15T02:11:20.973Z",
"dateReserved": "2024-06-28T09:34:35.182Z",
"dateUpdated": "2024-08-02T04:26:15.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4008 (GCVE-0-2024-4008)
Vulnerability from cvelistv5 – Published: 2024-06-05 17:15 – Updated: 2025-09-17 05:33
- CWE-497 - [LLM] Exposure of Sensitive System Information to an Unauthorized Control Sphere

| Vendor | Product | Version | |
|---|---|---|---|
| ABB, Busch-Jaeger | 2.4! Display 55, SD/U12.55.11-825 | Affected: 1.00 (custom) | |
| ABB, Busch-Jaeger | 2.4! Display 55, SD/SD/U12.55.1-825 | Affected: 1.00 (custom) | |
| ABB, Busch-Jaeger | 2.4! Display 63, SD/U12.63.11-825 | Affected: 1.00 (custom) | |
| ABB, Busch-Jaeger | RoomTouch 4", RT/U12.86.1-825 | Affected: 1.00 (custom) | |
| ABB, Busch-Jaeger | RoomTouch 4", RT/U12.86.11-825 | Affected: 1.00 (custom) | |
| ABB, Busch-Jaeger | 2,4'' Display 70, SD/U12.70.11-4015 | Affected: 1.00 (custom) | |
| ABB, Busch-Jaeger | 2,4'' Display 70, SD-U12-70-1-4015 | Affected: 1.00 (custom) | |
| ABB, Busch-Jaeger | RoomTouch 4", RT/U12.86.11-811 | Affected: 1.00 (custom) | |
| ABB, Busch-Jaeger | RoomTouch 4", RT-U12-86-1-811 | Affected: 1.00 (custom) | |
| ABB, Busch-Jaeger | BCU KNX, BA-U1.0.11 | Affected: 1.3.0.33 (custom) | |
| ABB, Busch-Jaeger | BCU KNX, BA-U1.0.1 | Affected: 1.3.0.33 (custom) | |
| ABB, Busch-Jaeger | BCU KNX, BA-U1.0.21 | Affected: 1.3.0.33 (custom) | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4008",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T11:08:58.207948Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T11:09:06.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://new.abb.com/products/de/2TMA310010B0001/sd-u12-55-11-825",
"defaultStatus": "unaffected",
"platforms": [
"proprietary"
],
"product": "2.4! Display 55, SD/U12.55.11-825",
"vendor": "ABB, Busch-Jaeger",
"versions": [
{
"status": "affected",
"version": "1.00",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://new.abb.com/products/de/2TMA310011B0001/sd-u12-55-1-825",
"defaultStatus": "unaffected",
"platforms": [
"proprietary"
],
"product": "2.4! Display 55, SD/SD/U12.55.1-825",
"vendor": "ABB, Busch-Jaeger",
"versions": [
{
"status": "affected",
"version": "1.00",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://new.abb.com/products/de/2TMA310010B0003/",
"defaultStatus": "unaffected",
"platforms": [
"proprietary"
],
"product": "2.4! Display 63, SD/U12.63.11-825",
"vendor": "ABB, Busch-Jaeger",
"versions": [
{
"status": "affected",
"version": "1.00",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://new.abb.com/products/de/2TMA310011B0003/rt-u12-86-1-825",
"defaultStatus": "unaffected",
"platforms": [
"proprietary"
],
"product": "RoomTouch 4\", RT/U12.86.1-825",
"vendor": "ABB, Busch-Jaeger",
"versions": [
{
"status": "affected",
"version": "1.00",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://new.abb.com/products/de/2TMA310010B0004/rt-u12-86-11-825",
"defaultStatus": "unaffected",
"product": "RoomTouch 4\", RT/U12.86.11-825",
"vendor": "ABB, Busch-Jaeger",
"versions": [
{
"status": "affected",
"version": "1.00",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://new.abb.com/products/de/2TMA310010B0006/sd-u12-70-11-4015",
"defaultStatus": "unaffected",
"product": "2,4\u0027\u0027 Display 70, SD/U12.70.11-4015",
"vendor": "ABB, Busch-Jaeger",
"versions": [
{
"status": "affected",
"version": "1.00",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://new.abb.com/products/de/2TMA310011B00004/sd-u12-70-1-4015",
"defaultStatus": "unaffected",
"product": "2,4\u0027\u0027 Display 70, SD-U12-70-1-4015",
"vendor": "ABB, Busch-Jaeger",
"versions": [
{
"status": "affected",
"version": "1.00",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://new.abb.com/products/de/2TMA310010W0001/rt-u12-86-11-811",
"defaultStatus": "unaffected",
"platforms": [
"proprietary"
],
"product": "RoomTouch 4\", RT/U12.86.11-811",
"vendor": "ABB, Busch-Jaeger",
"versions": [
{
"status": "affected",
"version": "1.00",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://new.abb.com/products/de/2TMA310011W0001/rt-u12-86-1-811",
"defaultStatus": "unaffected",
"platforms": [
"proprietary"
],
"product": "RoomTouch 4\", RT-U12-86-1-811",
"vendor": "ABB, Busch-Jaeger",
"versions": [
{
"status": "affected",
"version": "1.00",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://new.abb.com/products/de/2CKA006120A0079/ba-u1-0-11",
"defaultStatus": "unaffected",
"platforms": [
"proprietary"
],
"product": "BCU KNX, BA-U1.0.11",
"vendor": "ABB, Busch-Jaeger",
"versions": [
{
"status": "affected",
"version": "1.3.0.33",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://new.abb.com/products/de/2CKA006120A0080/ba-u1-0-1",
"defaultStatus": "unaffected",
"platforms": [
"proprietary"
],
"product": "BCU KNX, BA-U1.0.1",
"vendor": "ABB, Busch-Jaeger",
"versions": [
{
"status": "affected",
"version": "1.3.0.33",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://new.abb.com/products/de/2CKA006120A0081/ba-u1-0-21",
"defaultStatus": "unaffected",
"platforms": [
"proprietary"
],
"product": "BCU KNX, BA-U1.0.21",
"vendor": "ABB, Busch-Jaeger",
"versions": [
{
"status": "affected",
"version": "1.3.0.33",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-06-05T16:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local KNX Bus-System\u0026nbsp;"
}
],
"value": "FDSK Leak in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to take control via access to local KNX Bus-System"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "NOT_DEFINED",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H/S:N/AU:N/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 [LLM] Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-17T05:33:02.694Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108464A0803\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "FDSK Leak in KNX Secure Devices",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2024-4008",
"datePublished": "2024-06-05T17:15:56.523Z",
"dateReserved": "2024-04-19T17:09:06.029Z",
"dateUpdated": "2025-09-17T05:33:02.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40706 (GCVE-0-2024-40706)
Vulnerability from cvelistv5 – Published: 2025-01-24 15:20 – Updated: 2025-02-12 20:01
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere

| Vendor | Product | Version | |
|---|---|---|---|
| IBM | InfoSphere Information Server | Affected: 11.7 cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:* | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40706",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T15:46:46.468240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:01:20.274Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "InfoSphere Information Server",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system."
}
],
"value": "IBM InfoSphere Information Server 11.7 could allow a remote user to obtain sensitive version information that could aid in further attacks against the system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T15:20:36.596Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7169826"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM InfoSphere Information Server information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-40706",
"datePublished": "2025-01-24T15:20:36.596Z",
"dateReserved": "2024-07-08T19:31:12.239Z",
"dateUpdated": "2025-02-12T20:01:20.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41781 (GCVE-0-2024-41781)
Vulnerability from cvelistv5 – Published: 2024-11-22 11:55 – Updated: 2024-11-22 15:34
- CWE-497 - Exposure of System Data to an Unauthorized Control Sphere

| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7172698 | vendor-advisory |

| Vendor | Product | Version | |
|---|---|---|---|
| IBM | PowerVM Hypervisor | Affected: FW950.00, ≤ FW950.90 (semver) Affected: FW1030.00, ≤ FW1030.60 (semver) Affected: FW1050.00, ≤ FW1050.20 (semver) Affected: FW1060.00, ≤ FW1060.10 (semver) cpe:2.3:o:ibm:power9_system_firmware:fw950.00:*:*:*:*:*:*:* cpe:2.3:o:ibm:power9_system_firmware:fw950.90:*:*:*:*:*:*:* cpe:2.3:o:ibm:power9_system_firmware:fw1030.00:*:*:*:*:*:*:* cpe:2.3:o:ibm:power9_system_firmware:fw1030.60:*:*:*:*:*:*:* cpe:2.3:o:ibm:power9_system_firmware:fw1050.00:*:*:*:*:*:*:* cpe:2.3:o:ibm:power9_system_firmware:fw1050.20:*:*:*:*:*:*:* cpe:2.3:o:ibm:power9_system_firmware:fw1060.00:*:*:*:*:*:*:* cpe:2.3:o:ibm:power9_system_firmware:fw1060.10:*:*:*:*:*:*:* | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41781",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-22T15:34:30.745067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T15:34:36.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:ibm:power9_system_firmware:fw950.00:*:*:*:*:*:*:*",
"cpe:2.3:o:ibm:power9_system_firmware:fw950.90:*:*:*:*:*:*:*",
"cpe:2.3:o:ibm:power9_system_firmware:fw1030.00:*:*:*:*:*:*:*",
"cpe:2.3:o:ibm:power9_system_firmware:fw1030.60:*:*:*:*:*:*:*",
"cpe:2.3:o:ibm:power9_system_firmware:fw1050.00:*:*:*:*:*:*:*",
"cpe:2.3:o:ibm:power9_system_firmware:fw1050.20:*:*:*:*:*:*:*",
"cpe:2.3:o:ibm:power9_system_firmware:fw1060.00:*:*:*:*:*:*:*",
"cpe:2.3:o:ibm:power9_system_firmware:fw1060.10:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PowerVM Hypervisor",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "FW950.90",
"status": "affected",
"version": "FW950.00",
"versionType": "semver"
},
{
"lessThanOrEqual": "FW1030.60",
"status": "affected",
"version": "FW1030.00",
"versionType": "semver"
},
{
"lessThanOrEqual": "FW1050.20",
"status": "affected",
"version": "FW1050.00",
"versionType": "semver"
},
{
"lessThanOrEqual": "FW1060.10",
"status": "affected",
"version": "FW1060.00",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60,\u0026nbsp;FW1050.00 through\u0026nbsp;FW1050.20, and FW1060.00 through FW1060.10\u0026nbsp;functionality can be compromised if an attacker gains service access to the HMC. An attacker that gains service access to the HMC can locate and through a series of service procedures decrypt data contained in the Platform KeyStore."
}
],
"value": "IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60,\u00a0FW1050.00 through\u00a0FW1050.20, and FW1060.00 through FW1060.10\u00a0functionality can be compromised if an attacker gains service access to the HMC. An attacker that gains service access to the HMC can locate and through a series of service procedures decrypt data contained in the Platform KeyStore."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of System Data to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T11:55:52.350Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7172698"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM PowerVM Hypervisor information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-41781",
"datePublished": "2024-11-22T11:55:52.350Z",
"dateReserved": "2024-07-22T12:03:08.192Z",
"dateUpdated": "2024-11-22T15:34:36.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45549 (GCVE-0-2024-45549)
Vulnerability from cvelistv5 – Published: 2025-04-07 10:15 – Updated: 2025-04-07 16:54
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere

| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon | Affected: AR8035 Affected: FastConnect 6700 Affected: FastConnect 6800 Affected: FastConnect 6900 Affected: FastConnect 7800 Affected: QAM8255P Affected: QAM8295P Affected: QAM8620P Affected: QAM8650P Affected: QAM8775P Affected: QAMSRV1H Affected: QAMSRV1M Affected: QCA6174A Affected: QCA6391 Affected: QCA6421 Affected: QCA6426 Affected: QCA6431 Affected: QCA6436 Affected: QCA6574AU Affected: QCA6584AU Affected: QCA6595 Affected: QCA6595AU Affected: QCA6678AQ Affected: QCA6688AQ Affected: QCA6696 Affected: QCA6698AQ Affected: QCA6797AQ Affected: QCA8081 Affected: QCA8337 Affected: QCC710 Affected: QCM4490 Affected: QCM8550 Affected: QCN6024 Affected: QCN6224 Affected: QCN6274 Affected: QCN9011 Affected: QCN9012 Affected: QCN9024 Affected: QCN9274 Affected: QCS4490 Affected: QCS7230 Affected: QCS8250 Affected: QCS8300 Affected: QCS8550 Affected: QCS9100 Affected: QDU1000 Affected: QDU1010 Affected: QDU1110 Affected: QDU1210 Affected: QDX1010 Affected: QDX1011 Affected: QEP8111 Affected: QFW7114 Affected: QFW7124 Affected: QMP1000 Affected: QRU1032 Affected: QRU1052 Affected: QRU1062 Affected: QSM8250 Affected: Qualcomm Video Collaboration VC5 Platform Affected: SA7255P Affected: SA7775P Affected: SA8255P Affected: SA8295P Affected: SA8530P Affected: SA8540P Affected: SA8620P Affected: SA8650P Affected: SA8770P Affected: SA8775P Affected: SA9000P Affected: SC8380XP Affected: SD 8 Gen1 5G Affected: SD865 5G Affected: SDM429W Affected: SDX55 Affected: SDX61 Affected: SDX71M Affected: SDX80M Affected: SG8275P Affected: SM4635 Affected: SM6650 Affected: SM7635 Affected: SM7675 Affected: SM7675P Affected: SM8550P Affected: SM8635 Affected: SM8635P Affected: SM8650Q Affected: SM8735 Affected: SM8750 Affected: SM8750P Affected: Snapdragon 4 Gen 2 Mobile Platform Affected: Snapdragon 429 Mobile Platform Affected: Snapdragon 8 Gen 1 Mobile Platform Affected: Snapdragon 8 Gen 2 Mobile Platform Affected: Snapdragon 8 Gen 3 Mobile Platform Affected: Snapdragon 8+ Gen 1 Mobile Platform Affected: Snapdragon 8+ Gen 2 Mobile Platform Affected: Snapdragon 865 5G Mobile Platform Affected: Snapdragon 865+ 5G Mobile Platform (SM8250-AB) Affected: Snapdragon 870 5G Mobile Platform (SM8250-AC) Affected: Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB) Affected: Snapdragon AR1 Gen 1 Platform Affected: Snapdragon AR1 Gen 1 Platform "Luna1" Affected: Snapdragon AR2 Gen 1 Platform Affected: Snapdragon Auto 5G Modem-RF Gen 2 Affected: Snapdragon Wear 4100+ Platform Affected: Snapdragon X35 5G Modem-RF System Affected: Snapdragon X55 5G Modem-RF System Affected: Snapdragon X62 5G Modem-RF System Affected: Snapdragon X65 5G Modem-RF System Affected: Snapdragon X70 Modem-RF System Affected: Snapdragon X72 5G Modem-RF System Affected: Snapdragon X75 5G Modem-RF System Affected: Snapdragon XR2 5G Platform Affected: Snapdragon XR2+ Gen 1 Platform Affected: SRV1H Affected: SRV1L Affected: SRV1M Affected: SSG2115P Affected: SSG2125P Affected: SXR1230P Affected: SXR2130 Affected: SXR2230P Affected: SXR2250P Affected: SXR2330P Affected: TalynPlus Affected: WCD9340 Affected: WCD9370 Affected: WCD9375 Affected: WCD9378 Affected: WCD9380 Affected: WCD9385 Affected: WCD9390 Affected: WCD9395 Affected: WCN3620 Affected: WCN3660B Affected: WCN3680B Affected: WCN3950 Affected: WCN3980 Affected: WCN3988 Affected: WCN6450 Affected: WCN6650 Affected: WCN6740 Affected: WCN6755 Affected: WCN7750 Affected: WCN7860 Affected: WCN7861 Affected: WCN7880 Affected: WCN7881 Affected: WSA8810 Affected: WSA8815 Affected: WSA8830 Affected: WSA8832 Affected: WSA8835 Affected: WSA8840 Affected: WSA8845 Affected: WSA8845H | |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45549",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T16:51:26.226415Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T16:54:13.006Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Auto",
"Snapdragon CCW",
"Snapdragon Compute",
"Snapdragon Connectivity",
"Snapdragon Consumer IOT",
"Snapdragon Industrial IOT",
"Snapdragon MC",
"Snapdragon MDM",
"Snapdragon Mobile",
"Snapdragon Technology",
"Snapdragon WBC",
"Snapdragon Wearables"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AR8035"
},
{
"status": "affected",
"version": "FastConnect 6700"
},
{
"status": "affected",
"version": "FastConnect 6800"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "QAM8255P"
},
{
"status": "affected",
"version": "QAM8295P"
},
{
"status": "affected",
"version": "QAM8620P"
},
{
"status": "affected",
"version": "QAM8650P"
},
{
"status": "affected",
"version": "QAM8775P"
},
{
"status": "affected",
"version": "QAMSRV1H"
},
{
"status": "affected",
"version": "QAMSRV1M"
},
{
"status": "affected",
"version": "QCA6174A"
},
{
"status": "affected",
"version": "QCA6391"
},
{
"status": "affected",
"version": "QCA6421"
},
{
"status": "affected",
"version": "QCA6426"
},
{
"status": "affected",
"version": "QCA6431"
},
{
"status": "affected",
"version": "QCA6436"
},
{
"status": "affected",
"version": "QCA6574AU"
},
{
"status": "affected",
"version": "QCA6584AU"
},
{
"status": "affected",
"version": "QCA6595"
},
{
"status": "affected",
"version": "QCA6595AU"
},
{
"status": "affected",
"version": "QCA6678AQ"
},
{
"status": "affected",
"version": "QCA6688AQ"
},
{
"status": "affected",
"version": "QCA6696"
},
{
"status": "affected",
"version": "QCA6698AQ"
},
{
"status": "affected",
"version": "QCA6797AQ"
},
{
"status": "affected",
"version": "QCA8081"
},
{
"status": "affected",
"version": "QCA8337"
},
{
"status": "affected",
"version": "QCC710"
},
{
"status": "affected",
"version": "QCM4490"
},
{
"status": "affected",
"version": "QCM8550"
},
{
"status": "affected",
"version": "QCN6024"
},
{
"status": "affected",
"version": "QCN6224"
},
{
"status": "affected",
"version": "QCN6274"
},
{
"status": "affected",
"version": "QCN9011"
},
{
"status": "affected",
"version": "QCN9012"
},
{
"status": "affected",
"version": "QCN9024"
},
{
"status": "affected",
"version": "QCN9274"
},
{
"status": "affected",
"version": "QCS4490"
},
{
"status": "affected",
"version": "QCS7230"
},
{
"status": "affected",
"version": "QCS8250"
},
{
"status": "affected",
"version": "QCS8300"
},
{
"status": "affected",
"version": "QCS8550"
},
{
"status": "affected",
"version": "QCS9100"
},
{
"status": "affected",
"version": "QDU1000"
},
{
"status": "affected",
"version": "QDU1010"
},
{
"status": "affected",
"version": "QDU1110"
},
{
"status": "affected",
"version": "QDU1210"
},
{
"status": "affected",
"version": "QDX1010"
},
{
"status": "affected",
"version": "QDX1011"
},
{
"status": "affected",
"version": "QEP8111"
},
{
"status": "affected",
"version": "QFW7114"
},
{
"status": "affected",
"version": "QFW7124"
},
{
"status": "affected",
"version": "QMP1000"
},
{
"status": "affected",
"version": "QRU1032"
},
{
"status": "affected",
"version": "QRU1052"
},
{
"status": "affected",
"version": "QRU1062"
},
{
"status": "affected",
"version": "QSM8250"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC5 Platform"
},
{
"status": "affected",
"version": "SA7255P"
},
{
"status": "affected",
"version": "SA7775P"
},
{
"status": "affected",
"version": "SA8255P"
},
{
"status": "affected",
"version": "SA8295P"
},
{
"status": "affected",
"version": "SA8530P"
},
{
"status": "affected",
"version": "SA8540P"
},
{
"status": "affected",
"version": "SA8620P"
},
{
"status": "affected",
"version": "SA8650P"
},
{
"status": "affected",
"version": "SA8770P"
},
{
"status": "affected",
"version": "SA8775P"
},
{
"status": "affected",
"version": "SA9000P"
},
{
"status": "affected",
"version": "SC8380XP"
},
{
"status": "affected",
"version": "SD 8 Gen1 5G"
},
{
"status": "affected",
"version": "SD865 5G"
},
{
"status": "affected",
"version": "SDM429W"
},
{
"status": "affected",
"version": "SDX55"
},
{
"status": "affected",
"version": "SDX61"
},
{
"status": "affected",
"version": "SDX71M"
},
{
"status": "affected",
"version": "SDX80M"
},
{
"status": "affected",
"version": "SG8275P"
},
{
"status": "affected",
"version": "SM4635"
},
{
"status": "affected",
"version": "SM6650"
},
{
"status": "affected",
"version": "SM7635"
},
{
"status": "affected",
"version": "SM7675"
},
{
"status": "affected",
"version": "SM7675P"
},
{
"status": "affected",
"version": "SM8550P"
},
{
"status": "affected",
"version": "SM8635"
},
{
"status": "affected",
"version": "SM8635P"
},
{
"status": "affected",
"version": "SM8650Q"
},
{
"status": "affected",
"version": "SM8735"
},
{
"status": "affected",
"version": "SM8750"
},
{
"status": "affected",
"version": "SM8750P"
},
{
"status": "affected",
"version": "Snapdragon 4 Gen 2 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 429 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 2 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8 Gen 3 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8+ Gen 1 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8+ Gen 2 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 865 5G Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)"
},
{
"status": "affected",
"version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)"
},
{
"status": "affected",
"version": "Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB)"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon AR1 Gen 1 Platform \"Luna1\""
},
{
"status": "affected",
"version": "Snapdragon AR2 Gen 1 Platform"
},
{
"status": "affected",
"version": "Snapdragon Auto 5G Modem-RF Gen 2"
},
{
"status": "affected",
"version": "Snapdragon Wear 4100+ Platform"
},
{
"status": "affected",
"version": "Snapdragon X35 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X55 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X62 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X65 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X70 Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X72 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon X75 5G Modem-RF System"
},
{
"status": "affected",
"version": "Snapdragon XR2 5G Platform"
},
{
"status": "affected",
"version": "Snapdragon XR2+ Gen 1 Platform"
},
{
"status": "affected",
"version": "SRV1H"
},
{
"status": "affected",
"version": "SRV1L"
},
{
"status": "affected",
"version": "SRV1M"
},
{
"status": "affected",
"version": "SSG2115P"
},
{
"status": "affected",
"version": "SSG2125P"
},
{
"status": "affected",
"version": "SXR1230P"
},
{
"status": "affected",
"version": "SXR2130"
},
{
"status": "affected",
"version": "SXR2230P"
},
{
"status": "affected",
"version": "SXR2250P"
},
{
"status": "affected",
"version": "SXR2330P"
},
{
"status": "affected",
"version": "TalynPlus"
},
{
"status": "affected",
"version": "WCD9340"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9378"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCD9390"
},
{
"status": "affected",
"version": "WCD9395"
},
{
"status": "affected",
"version": "WCN3620"
},
{
"status": "affected",
"version": "WCN3660B"
},
{
"status": "affected",
"version": "WCN3680B"
},
{
"status": "affected",
"version": "WCN3950"
},
{
"status": "affected",
"version": "WCN3980"
},
{
"status": "affected",
"version": "WCN3988"
},
{
"status": "affected",
"version": "WCN6450"
},
{
"status": "affected",
"version": "WCN6650"
},
{
"status": "affected",
"version": "WCN6740"
},
{
"status": "affected",
"version": "WCN6755"
},
{
"status": "affected",
"version": "WCN7750"
},
{
"status": "affected",
"version": "WCN7860"
},
{
"status": "affected",
"version": "WCN7861"
},
{
"status": "affected",
"version": "WCN7880"
},
{
"status": "affected",
"version": "WCN7881"
},
{
"status": "affected",
"version": "WSA8810"
},
{
"status": "affected",
"version": "WSA8815"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8832"
},
{
"status": "affected",
"version": "WSA8835"
},
{
"status": "affected",
"version": "WSA8840"
},
{
"status": "affected",
"version": "WSA8845"
},
{
"status": "affected",
"version": "WSA8845H"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Information disclosure while creating MQ channels."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T10:15:43.251Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html"
}
],
"title": "Exposure of Sensitive System Information to an Unauthorized Control Sphere in KERNEL"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2024-45549",
"datePublished": "2025-04-07T10:15:43.251Z",
"dateReserved": "2024-09-02T10:26:15.222Z",
"dateUpdated": "2025-04-07T16:54:13.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phases: Architecture and Design, Implementation
Description:
- Production applications should never use methods that generate internal details such as stack traces and error messages unless that information is directly committed to a log that is not viewable by the end user. All error message text should be HTML entity encoded before being written to the log file to protect against potential cross-site scripting attacks against the viewer of the logs.
CAPEC-170: Web Application Fingerprinting
An attacker sends a series of probes to a web application in order to elicit version-dependent and type-dependent behavior that assists in identifying the target. An attacker could learn information such as software versions, error pages, and response headers, variations in implementations of the HTTP protocol, directory structures, and other similar information about the targeted service. This information can then be used by an attacker to formulate a targeted attack plan. While web application fingerprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
CAPEC-694: System Location Discovery
An adversary collects information about the target system in an attempt to identify the system's geographical location. Information gathered could include keyboard layout, system language, and timezone. This information may benefit an adversary in confirming the desired target and/or tailoring further attacks.