CWE-552
Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.
CVE-2023-3712 (GCVE-0-2023-3712)
Vulnerability from cvelistv5 – Published: 2023-09-12 19:59 – Updated: 2025-09-12 19:33
VLAI
Title
Potential user privilege escalation
Summary
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004.
Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
Severity
6.6 (Medium)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| Honeywell | PM23/43 |
Affected:
0 , < P10.19.050004
(semver)
|
|
| Honeywell | PC23/43, PD43 |
Affected:
0 , < K10.19.050004
(semver)
|
|
| Honeywell | PM42 |
Affected:
0 , < T10.19.050004
(semver)
|
|
| Honeywell | PM42 |
Affected:
0 , < L10.19.050004
(semver)
|
|
| Honeywell | PX4ie/6ie |
Affected:
0 , < A10.19.050004
(semver)
|
|
| Honeywell | PX45/65 |
Affected:
0 , < B10.19.050004
(semver)
|
|
| Honeywell | PD45, PX240 |
Affected:
0 , < F10.19.050004
(semver)
|
|
| Honeywell | PX940 |
Affected:
0 , < H10.19.050004
(semver)
|
|
| Honeywell | PM45 |
Affected:
0 , < J10.19.050004
(semver)
|
|
| Honeywell | RP2f/RP4f |
Affected:
0 , < M10.19.050006
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.honeywell.com/us/en/product-security"
},
{
"tags": [
"x_transferred"
],
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004"
},
{
"tags": [
"x_transferred"
],
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3712",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:54:07.219279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T15:19:21.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Printer web page"
],
"platforms": [
"32 bit"
],
"product": "PM23/43",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "P10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PC23/43, PD43",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "K10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PM42",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "T10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PM42",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "L10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PX4ie/6ie",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "A10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PX45/65",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "B10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PD45, PX240",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "F10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PX940",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "H10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "PM45",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "J10.19.050004",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"32 bit"
],
"product": "RP2f/RP4f",
"vendor": "Honeywell",
"versions": [
{
"lessThan": "M10.19.050006",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jinqi Lai (Independent Security Researcher)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.\u003cp\u003eThis issue affects PM43 versions prior to P10.19.050004.\u0026nbsp;\n\nUpdate to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).\u003c/p\u003e"
}
],
"value": "Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004.\u00a0\n\nUpdate to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006)."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T19:33:38.362Z",
"orgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"shortName": "Honeywell"
},
"references": [
{
"url": "https://www.honeywell.com/us/en/product-security"
},
{
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004"
},
{
"url": "https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwarexasignedP1019050004A"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Potential user privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "0dc86260-d7e3-4e81-ba06-3508e030ce8d",
"assignerShortName": "Honeywell",
"cveId": "CVE-2023-3712",
"datePublished": "2023-09-12T19:59:00.396Z",
"dateReserved": "2023-07-17T13:59:27.158Z",
"dateUpdated": "2025-09-12T19:33:38.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-37551 (GCVE-0-2023-37551)
Vulnerability from cvelistv5 – Published: 2023-08-03 11:03 – Updated: 2024-10-11 18:10
VLAI
Title
CODESYS Files or Directories Accessible to External Parties in CmpApp
Summary
In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller.
Severity
6.5 (Medium)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
1 reference
Impacted products
16 products
| Vendor | Product | Version | |
|---|---|---|---|
| CODESYS | CODESYS Control for BeagleBone SL |
Affected:
0 , < V4.10.0.0
(semver)
|
|
| CODESYS | CODESYS Control for emPC-A/iMX6 SL |
Affected:
0 , < V4.10.0.0
(semver)
|
|
| CODESYS | CODESYS Control for IOT2000 SL |
Affected:
0 , < V4.10.0.0
(semver)
|
|
| CODESYS | CODESYS Control for Linux SL |
Affected:
0 , < V4.10.0.0
(semver)
|
|
| CODESYS | CODESYS Control for PFC100 SL |
Affected:
0 , < V4.10.0.0
(semver)
|
|
| CODESYS | CODESYS Control for PFC200 SL |
Affected:
0 , < V4.10.0.0
(semver)
|
|
| CODESYS | CODESYS Control for PLCnext SL |
Affected:
0 , < V4.10.0.0
(semver)
|
|
| CODESYS | CODESYS Control for Raspberry Pi SL |
Affected:
0 , < V4.10.0.0
(semver)
|
|
| CODESYS | CODESYS Control for WAGO Touch Panels 600 SL |
Affected:
0 , < V4.10.0.0
(semver)
|
|
| CODESYS | CODESYS Control RTE (for Beckhoff CX) SL |
Affected:
0 , < V3.5.19.20
(semver)
|
|
| CODESYS | CODESYS Control RTE (SL) |
Affected:
0 , < V3.5.19.20
(semver)
|
|
| CODESYS | CODESYS Control Runtime System Toolkit |
Affected:
0 , < V3.5.19.20
(semver)
|
|
| CODESYS | CODESYS Control Win (SL) |
Affected:
0 , < V3.5.19.20
(semver)
|
|
| CODESYS | CODESYS Development System V3 |
Affected:
0 , < V3.5.19.20
(semver)
|
|
| CODESYS | CODESYS HMI (SL) |
Affected:
0 , < V3.5.19.20
(semver)
|
|
| CODESYS | CODESYS Safety SIL2 Runtime Toolkit |
Affected:
0 , < V3.5.19.20
(semver)
|
Date Public
2023-08-03 10:30
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert.vde.com/en/advisories/VDE-2023-019/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37551",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T18:01:50.770279Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T18:10:51.431Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for BeagleBone SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.10.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for emPC-A/iMX6 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.10.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for IOT2000 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.10.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for Linux SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.10.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for PFC100 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.10.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for PFC200 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.10.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for PLCnext SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.10.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for Raspberry Pi SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.10.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control for WAGO Touch Panels 600 SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V4.10.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control RTE (for Beckhoff CX) SL",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.19.20",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control RTE (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.19.20",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control Runtime System Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.19.20",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Control Win (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.19.20",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Development System V3",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.19.20",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS HMI (SL)",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.19.20",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "CODESYS Safety SIL2 Runtime Toolkit",
"vendor": "CODESYS",
"versions": [
{
"lessThan": "V3.5.19.20",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Vladimir Tokarev, Section 52, Azure IoT Security at Microsoft"
}
],
"datePublic": "2023-08-03T10:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller."
}
],
"value": "In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T11:03:37.457Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2023-019/"
}
],
"source": {
"advisory": "VDE-2023-019",
"defect": [
"CERT@VDE#64558"
],
"discovery": "EXTERNAL"
},
"title": "CODESYS Files or Directories Accessible to External Parties in CmpApp",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2023-37551",
"datePublished": "2023-08-03T11:03:37.457Z",
"dateReserved": "2023-07-07T07:39:16.323Z",
"dateUpdated": "2024-10-11T18:10:51.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39479 (GCVE-0-2023-39479)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:10 – Updated: 2024-08-02 18:10
VLAI
Title
Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability
Summary
Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability. This vulnerability allows remote attackers to create directories on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the handling of FileDirectory OPC UA Objects. The issue results from allowing unauthorized access to the filesystem. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20548.
Severity
6.6 (Medium)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | Secure Integration Server |
Affected:
1.22.0.8686
|
Date Public
2023-08-09 18:04
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:softing:secure_integration_server:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_integration_server",
"vendor": "softing",
"versions": [
{
"status": "affected",
"version": "1.22.0.8686"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39479",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-06T15:40:12.735732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:27:01.463Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1061",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1061/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Secure Integration Server",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "1.22.0.8686"
}
]
}
],
"dateAssigned": "2023-08-02T21:44:31.520Z",
"datePublic": "2023-08-09T18:04:34.926Z",
"descriptions": [
{
"lang": "en",
"value": "Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability. This vulnerability allows remote attackers to create directories on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the handling of FileDirectory OPC UA Objects. The issue results from allowing unauthorized access to the filesystem. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20548."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:10:44.345Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1061",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1061/"
}
],
"source": {
"lang": "en",
"value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
},
"title": "Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39479",
"datePublished": "2024-05-03T02:10:44.345Z",
"dateReserved": "2023-08-02T21:37:23.125Z",
"dateUpdated": "2024-08-02T18:10:20.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39480 (GCVE-0-2023-39480)
Vulnerability from cvelistv5 – Published: 2024-05-03 02:10 – Updated: 2024-08-02 18:10
VLAI
Title
Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability
Summary
Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the handling of FileDirectory OPC UA Objects. The issue results from allowing unauthorized access to the filesystem. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20549.
Severity
4.4 (Medium)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Softing | Secure Integration Server |
Affected:
1.22.0.8686
|
Date Public
2023-08-09 18:04
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:softing:secure_integration_server:1.22.0.8686:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_integration_server",
"vendor": "softing",
"versions": [
{
"status": "affected",
"version": "1.22.0.8686"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39480",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T15:29:33.855719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T15:42:02.808Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:20.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1062",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1062/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Secure Integration Server",
"vendor": "Softing",
"versions": [
{
"status": "affected",
"version": "1.22.0.8686"
}
]
}
],
"dateAssigned": "2023-08-02T21:44:31.526Z",
"datePublic": "2023-08-09T18:04:40.922Z",
"descriptions": [
{
"lang": "en",
"value": "Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Softing Secure Integration Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the handling of FileDirectory OPC UA Objects. The issue results from allowing unauthorized access to the filesystem. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20549."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T02:10:45.099Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1062",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1062/"
}
],
"source": {
"lang": "en",
"value": "Claroty Research - Team82 - Uri Katz, Noam Moshe, Vera Mens, Sharon Brizinov"
},
"title": "Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-39480",
"datePublished": "2024-05-03T02:10:45.099Z",
"dateReserved": "2023-08-02T21:37:23.125Z",
"dateUpdated": "2024-08-02T18:10:20.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39545 (GCVE-0-2023-39545)
Vulnerability from cvelistv5 – Published: 2023-11-17 05:30 – Updated: 2024-08-29 14:31
VLAI
Summary
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.
Severity
No CVSS data available.
CWE
- CWE-552 - Files or directories accessible to external parties
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| NEC Corporation | CLUSTERPRO X (EXPRESSCLUSTER X) |
Affected:
1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1
|
|
| NEC Corporation | CLUSTERPRO X SingleServerSafe (EXPRESSCLUSTER X SingleServerSafe) |
Affected:
1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:10:21.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jpn.nec.com/security-info/secinfo/nv23-009_en.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39545",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T14:29:22.540390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T14:31:29.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CLUSTERPRO X (EXPRESSCLUSTER X)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1"
}
]
},
{
"product": "CLUSTERPRO X SingleServerSafe (EXPRESSCLUSTER X SingleServerSafe)",
"vendor": "NEC Corporation",
"versions": [
{
"status": "affected",
"version": "1.0, 2.0 2.1, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0 and 5.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mr. David Levard in Videotron."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eCLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.\u003c/p\u003e"
}
],
"value": "CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or directories accessible to external parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-24T11:49:21.575Z",
"orgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"shortName": "NEC"
},
"references": [
{
"url": "https://jpn.nec.com/security-info/secinfo/nv23-009_en.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f2760a35-e0d8-4637-ac4c-cc1a2de3e282",
"assignerShortName": "NEC",
"cveId": "CVE-2023-39545",
"datePublished": "2023-11-17T05:30:10.859Z",
"dateReserved": "2023-08-04T07:22:19.322Z",
"dateUpdated": "2024-08-29T14:31:29.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-41916 (GCVE-0-2023-41916)
Vulnerability from cvelistv5 – Published: 2024-07-15 07:53 – Updated: 2025-03-14 15:16
VLAI
Title
Apache Linkis DataSource: DatasourceManager module has a JDBC parameter judgment logic vulnerability that allows for arbitrary file reading
Summary
In Apache Linkis =1.4.0, due to the lack of effective filtering
of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis = 1.4.0 will be affected.
We recommend users upgrade the version of Linkis to version 1.5.0.
Severity
No CVSS data available.
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://lists.apache.org/thread/dxkpwyoxy1jpdwlpq… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Linkis DataSource |
Affected:
1.4.0 , < 1.5.0
(maven)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-41916",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T15:17:30.681890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T15:16:15.724Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-13T17:03:55.317Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/dxkpwyoxy1jpdwlpqp15zvo0jxn4v729"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/13/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.linkis:linkis-metadata-query-service-jdbc",
"product": "Apache Linkis DataSource",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "1.5.0",
"status": "affected",
"version": "1.4.0",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Pho3n1x "
},
{
"lang": "en",
"type": "reporter",
"value": " L0ne1y"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nIn Apache Linkis =1.4.0, due to the lack of effective filtering\nof parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003earbitrary file reading\u003c/span\u003e. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis = 1.4.0 will be affected.\u0026nbsp;\u003cbr\u003eWe recommend users upgrade the version of Linkis to version 1.5.0.\n\n\u003cbr\u003e\n\n"
}
],
"value": "\nIn Apache Linkis =1.4.0, due to the lack of effective filtering\nof parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger\u00a0arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis = 1.4.0 will be affected.\u00a0\nWe recommend users upgrade the version of Linkis to version 1.5.0.\n\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T07:53:57.843Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/dxkpwyoxy1jpdwlpqp15zvo0jxn4v729"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Linkis DataSource: DatasourceManager module has a JDBC parameter judgment logic vulnerability that allows for arbitrary file reading",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-41916",
"datePublished": "2024-07-15T07:53:57.843Z",
"dateReserved": "2023-09-05T07:51:39.686Z",
"dateUpdated": "2025-03-14T15:16:15.724Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4475 (GCVE-0-2023-4475)
Vulnerability from cvelistv5 – Published: 2023-08-22 09:02 – Updated: 2024-10-02 20:02
VLAI
Title
An Arbitrary File Movement vulnerability was found on the ADM
Summary
An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.
Severity
7.5 (High)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.asustor.com/security/security_advisor… | vendor-advisory |
Impacted products
Date Public
2023-08-30 07:15
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:05.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.asustor.com/security/security_advisory_detail?id=30"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-02T20:00:13.355436Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-02T20:02:50.949Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "File Explorer",
"platforms": [
"Linux",
"x86",
"ARM",
"64 bit"
],
"product": "ADM",
"vendor": "ASUSTOR",
"versions": [
{
"lessThanOrEqual": "4.0.6.RIS1",
"status": "affected",
"version": "4.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.1.0.RLQ1",
"status": "affected",
"version": "4.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.2.2.RI61",
"status": "affected",
"version": "4.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "St\u00e9phane Chauveau (stephane@chauveau-central.net)"
}
],
"datePublic": "2023-08-30T07:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.\u003cbr\u003e"
}
],
"value": "An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-22T09:02:30.376Z",
"orgId": "f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77",
"shortName": "ASUSTOR1"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.asustor.com/security/security_advisory_detail?id=30"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "An Arbitrary File Movement vulnerability was found on the ADM",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f35eaae9-79f2-4d0d-a5c7-7bea6ed6be77",
"assignerShortName": "ASUSTOR1",
"cveId": "CVE-2023-4475",
"datePublished": "2023-08-22T09:02:30.376Z",
"dateReserved": "2023-08-22T07:08:47.286Z",
"dateUpdated": "2024-10-02T20:02:50.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45160 (GCVE-0-2023-45160)
Vulnerability from cvelistv5 – Published: 2023-10-05 15:12 – Updated: 2025-06-18 18:41
VLAI
Title
Elevated Temp Directory Execution in 1E Client
Summary
In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client's temporary directory is now locked down in the released patch.
Resolution: This has been fixed in patch Q23094
This issue has also been fixed in the Mac Client in updated versions of Non-Windows release v8.1.2.62 - please re-download from the 1E Support site.
Customers with Mac Client versions higher than v8.1 will need to upgrade to v23.11 to remediate this vulnerability.
Severity
8.8 (High)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:14:19.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.1e.com/trust-security-compliance/cve-info/"
},
{
"tags": [
"x_transferred"
],
"url": "https://1e.my.site.com/s/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.1e.com/vulnerability-disclosure-policy/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T19:08:13.221319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T19:08:24.798Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS"
],
"product": "1E Client",
"vendor": "1E",
"versions": [
{
"lessThanOrEqual": "8.1.2.62",
"status": "affected",
"version": "0",
"versionType": "Q23094"
},
{
"lessThanOrEqual": "8.4.1.159",
"status": "affected",
"version": "0",
"versionType": "Q23094"
},
{
"lessThanOrEqual": "9.0.1.88",
"status": "affected",
"version": "0",
"versionType": "Q23094"
},
{
"lessThanOrEqual": "23.7.1.151",
"status": "affected",
"version": "0",
"versionType": "Q23094"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In the affected version of the 1E Client, an o\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003erdinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client\u0027s temporary directory is now locked down in the released patch.\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eResolution: This has been fixed in patch Q23094\u0026nbsp;\u003cbr\u003e\u003cbr\u003eThis issue has also been fixed in the Mac Client in updated versions of Non-Windows release v8.1.2.62 - please re-download from the 1E Support site. \u003cbr\u003e\u003cbr\u003eCustomers with Mac Client versions higher than v8.1 will need to upgrade to v23.11 to remediate this vulnerability.\u003c/span\u003e\u003c/span\u003e"
}
],
"value": "In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. The 1E Client\u0027s temporary directory is now locked down in the released patch.\n\n\n\nResolution: This has been fixed in patch Q23094\u00a0\n\nThis issue has also been fixed in the Mac Client in updated versions of Non-Windows release v8.1.2.62 - please re-download from the 1E Support site. \n\nCustomers with Mac Client versions higher than v8.1 will need to upgrade to v23.11 to remediate this vulnerability."
}
],
"impacts": [
{
"capecId": "CAPEC-177",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-177 Create files with the same name as files protected with a higher classification"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-18T18:41:01.614Z",
"orgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
"shortName": "1E"
},
"references": [
{
"url": "https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2023-2002/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Elevated Temp Directory Execution in 1E Client",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "4a68d2b9-b68a-4765-95bd-17f35092666b",
"assignerShortName": "1E",
"cveId": "CVE-2023-45160",
"datePublished": "2023-10-05T15:12:20.743Z",
"dateReserved": "2023-10-04T23:59:54.078Z",
"dateUpdated": "2025-06-18T18:41:01.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4550 (GCVE-0-2023-4550)
Vulnerability from cvelistv5 – Published: 2024-01-29 20:56 – Updated: 2024-11-12 21:30
VLAI
Title
Unauthenticated Arbitrary File Read
Summary
Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files.
An unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted.
This issue affects AppBuilder: from 21.2 before 23.2.
Severity
7.5 (High)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| OpenText | AppBuilder |
Unaffected:
23.2
Affected: 21.2 , < 23.2 (custom) |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:31:06.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.opentext.com/csm?id=ot_kb_search\u0026kb_category=61648712db61781068cfd6c4e296197b"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4550",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-01T16:47:52.785921Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T21:30:04.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "AppBuilder",
"vendor": "OpenText",
"versions": [
{
"status": "unaffected",
"version": "23.2"
},
{
"lessThan": "23.2",
"status": "affected",
"version": "21.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "George Mathias"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eImproper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files.\u003c/div\u003e\u003cdiv\u003eAn unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted. \u003cbr\u003e\u003c/div\u003e\u003cp\u003eThis issue affects AppBuilder: from 21.2 before 23.2.\u003c/p\u003e"
}
],
"value": "Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in OpenText AppBuilder on Windows, Linux allows Probe System Files.\n\nAn unauthenticated or authenticated user can abuse a page of AppBuilder to read arbitrary files on the server on which it is hosted. \n\n\nThis issue affects AppBuilder: from 21.2 before 23.2.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-639",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-639 Probe System Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-29T20:56:09.908Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://support.opentext.com/csm?id=ot_kb_search\u0026kb_category=61648712db61781068cfd6c4e296197b"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Arbitrary File Read",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2023-4550",
"datePublished": "2024-01-29T20:56:09.908Z",
"dateReserved": "2023-08-25T16:54:44.535Z",
"dateUpdated": "2024-11-12T21:30:04.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45594 (GCVE-0-2023-45594)
Vulnerability from cvelistv5 – Published: 2024-03-05 11:28 – Updated: 2024-08-12 17:31
VLAI
Summary
A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromium browser allows a physical attacker to arbitrarily download/upload files to/from the file system, with unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
Severity
6.8 (Medium)
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AiLux | imx6 bundle |
Affected:
0 , < 1.0.7-2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:16.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45594"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ailux:imx6_bundle:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "imx6_bundle",
"vendor": "ailux",
"versions": [
{
"lessThan": "1.0.7-2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-05T16:07:31.819294Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T17:31:54.836Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "imx6 bundle",
"vendor": "AiLux",
"versions": [
{
"lessThan": "1.0.7-2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Andrea Palanca of Nozomi Networks found this bug during a security research activity."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A CWE-552 \u201cFiles or Directories Accessible to External Parties\u201d vulnerability in the embedded Chromium browser allows a physical attacker to arbitrarily download/upload files to/from the file system, with unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2."
}
],
"value": "A CWE-552 \u201cFiles or Directories Accessible to External Parties\u201d vulnerability in the embedded Chromium browser allows a physical attacker to arbitrarily download/upload files to/from the file system, with unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2."
}
],
"impacts": [
{
"capecId": "CAPEC-17",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-17 Using Malicious Files"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-05T11:28:38.333Z",
"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"shortName": "Nozomi"
},
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45594"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c",
"assignerShortName": "Nozomi",
"cveId": "CVE-2023-45594",
"datePublished": "2024-03-05T11:28:38.333Z",
"dateReserved": "2023-10-09T08:26:54.316Z",
"dateUpdated": "2024-08-12T17:31:54.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phases: Implementation, System Configuration, Operation
Description:
- When storing data in the cloud (e.g., S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to disable public access.
CAPEC-150: Collect Data from Common Resource Locations
An adversary exploits well-known locations for resources for the purposes of undermining the security of the target. In many, if not most systems, files and resources are organized in a default tree structure. This can be useful for adversaries because they often know where to look for resources or files that are necessary for attacks. Even when the precise location of a targeted resource may not be known, naming conventions may indicate a small area of the target machine's file tree where the resources are typically located. For example, configuration files are normally stored in the /etc director on Unix systems. Adversaries can take advantage of this to commit other types of attacks.
CAPEC-639: Probe System Files
An adversary obtains unauthorized information due to improperly protected files. If an application stores sensitive information in a file that is not protected by proper access control, then an adversary can access the file and search for sensitive information.