CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
CVE-2024-49381 (GCVE-0-2024-49381)
Vulnerability from cvelistv5 – Published: 2024-10-25 13:06 – Updated: 2024-10-25 13:47
VLAI
Title
Plenti arbitrary file deletion vulnerability
Summary
Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write deletion when a plenti user serves their website. This issue may lead to information loss. Version 0.7.2 fixes the vulnerability.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://securitylab.github.com/advisories/GHSL-20… | x_refsource_CONFIRM |
| https://github.com/plentico/plenti/blob/01825e0dc… | x_refsource_MISC |
| https://github.com/plentico/plenti/releases/tag/v0.7.2 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:plenti:plentico:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "plentico",
"vendor": "plenti",
"versions": [
{
"lessThan": "0.7.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49381",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T13:23:04.369079Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T13:47:34.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "plenti",
"vendor": "plentico",
"versions": [
{
"status": "affected",
"version": "\u003c 0.7.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write deletion when a plenti user serves their website. This issue may lead to information loss. Version 0.7.2 fixes the vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T13:06:13.307Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-297_GHSL-2024-298_plenti/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-297_GHSL-2024-298_plenti/"
},
{
"name": "https://github.com/plentico/plenti/blob/01825e0dcd3505fac57adc2edf29f772d585c008/cmd/serve.go#L205",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/plentico/plenti/blob/01825e0dcd3505fac57adc2edf29f772d585c008/cmd/serve.go#L205"
},
{
"name": "https://github.com/plentico/plenti/releases/tag/v0.7.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/plentico/plenti/releases/tag/v0.7.2"
}
],
"source": {
"advisory": "GHSA-6h8w-hrfp-pffx",
"discovery": "UNKNOWN"
},
"title": "Plenti arbitrary file deletion vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-49381",
"datePublished": "2024-10-25T13:06:13.307Z",
"dateReserved": "2024-10-14T13:56:34.814Z",
"dateUpdated": "2024-10-25T13:47:34.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50340 (GCVE-0-2024-50340)
Vulnerability from cvelistv5 – Published: 2024-11-06 21:09 – Updated: 2024-11-07 15:29
VLAI
Title
Ability to change environment from query in symfony/runtime
Summary
symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the `register_argv_argc` php directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request. As of versions 5.4.46, 6.4.14, and 7.1.7 the `SymfonyRuntime` now ignores the `argv` values for non-SAPI PHP runtimes. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/symfony/symfony/security/advis… | x_refsource_CONFIRM |
| https://github.com/symfony/symfony/commit/a77b308… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| symfony | symfony |
Affected:
< 5.4.46
Affected: >= 6.0.0, < 6.4.14 Affected: >= 7.0.0, < 7.1.7 |
|
| sensiolabs | symfony |
Affected:
0 , < 5.4.46
(custom)
Affected: 6.0.0 , < 6.4.14 (custom) Affected: 7.0.0 , < 7.1.7 (custom) cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sensiolabs:symfony:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "symfony",
"vendor": "sensiolabs",
"versions": [
{
"lessThan": "5.4.46",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "6.4.14",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
},
{
"lessThan": "7.1.7",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50340",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T15:27:34.309967Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T15:29:50.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "symfony",
"vendor": "symfony",
"versions": [
{
"status": "affected",
"version": "\u003c 5.4.46"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 6.4.14"
},
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.1.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the `register_argv_argc` php directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request. As of versions 5.4.46, 6.4.14, and 7.1.7 the `SymfonyRuntime` now ignores the `argv` values for non-SAPI PHP runtimes. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T21:09:46.750Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j"
},
{
"name": "https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa"
}
],
"source": {
"advisory": "GHSA-x8vp-gf4q-mw5j",
"discovery": "UNKNOWN"
},
"title": "Ability to change environment from query in symfony/runtime"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-50340",
"datePublished": "2024-11-06T21:09:46.750Z",
"dateReserved": "2024-10-22T17:54:40.955Z",
"dateUpdated": "2024-11-07T15:29:50.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50572 (GCVE-0-2024-50572)
Vulnerability from cvelistv5 – Published: 2024-11-12 12:50 – Updated: 2025-02-11 10:28
VLAI
Summary
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions < V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions < V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions < V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions < V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions < V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions < V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions < V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions < V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions < V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions < V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions < V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions < V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions < V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions < V3.0.0). Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
Impacted products
58 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | RUGGEDCOM RM1224 LTE(4G) EU |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | RUGGEDCOM RM1224 LTE(4G) NAM |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE M804PB |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE M812-1 ADSL-Router |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE M816-1 ADSL-Router |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE M826-2 SHDSL-Router |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE M874-2 |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE M874-3 |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE M874-3 3G-Router (CN) |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE M876-3 |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE M876-3 (ROK) |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE M876-4 |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE M876-4 (EU) |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE M876-4 (NAM) |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE MUM853-1 (A1) |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE MUM853-1 (B1) |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE MUM853-1 (EU) |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE MUM856-1 (A1) |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE MUM856-1 (B1) |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE MUM856-1 (CN) |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE MUM856-1 (EU) |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE MUM856-1 (RoW) |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE S615 EEC LAN-Router |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE S615 LAN-Router |
Affected:
0 , < V8.2
(custom)
|
|
| Siemens | SCALANCE WAB762-1 |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WAM763-1 |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WAM763-1 (ME) |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WAM763-1 (US) |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WAM766-1 |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WAM766-1 (ME) |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WAM766-1 (US) |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WAM766-1 EEC |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WAM766-1 EEC (ME) |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WAM766-1 EEC (US) |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WUB762-1 |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WUB762-1 iFeatures |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WUM763-1 |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WUM763-1 (US) |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WUM766-1 |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WUM766-1 (ME) |
Affected:
0 , < V3.0.0
(custom)
|
|
| Siemens | SCALANCE WUM766-1 (USA) |
Affected:
0 , < V3.0.0
(custom)
|
|
| siemens | scalance_m874-3_firmware |
Affected:
0 , < 8.2
(custom)
cpe:2.3:o:siemens:scalance_m874-3_firmware:-:*:*:*:*:*:*:* |
|
| siemens | scalance_m816-1_\(annex_b\)_firmware |
Affected:
0 , < 8.2
(custom)
cpe:2.3:o:siemens:scalance_m816-1_\(annex_a\)_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:scalance_m816-1_\(annex_b\)_firmware:-:*:*:*:*:*:*:* |
|
| siemens | scalance_s615_firmware |
Affected:
0 , < 8.2
(custom)
cpe:2.3:o:siemens:scalance_s615_firmware:-:*:*:*:*:*:*:* |
|
| siemens | scalance_s615_eec_firmware |
Affected:
0 , < 8.2
(custom)
cpe:2.3:o:siemens:scalance_s615_eec_firmware:-:*:*:*:*:*:*:* |
|
| siemens | scalance_mum856-1_\(row\)_firmware |
Affected:
0 , < 8.2
(custom)
cpe:2.3:o:siemens:scalance_mum856-1_\(row\)_firmware:-:*:*:*:*:*:*:* |
|
| siemens | scalance_mum856-1_\(eu\)_firmware |
Affected:
0 , < 8.2
(custom)
cpe:2.3:o:siemens:scalance_mum856-1_\(eu\)_firmware:-:*:*:*:*:*:*:* |
|
| siemens | scalance_mum856-1_\(cn\)_firmware |
Affected:
0 , < 8.2
(custom)
cpe:2.3:o:siemens:scalance_mum856-1_\(cn\)_firmware:-:*:*:*:*:*:*:* |
|
| siemens | scalance_mum856-1_\(b1\)_firmware |
Affected:
0 , < 8.2
(custom)
cpe:2.3:o:siemens:scalance_mum856-1_\(b1\)_firmware:-:*:*:*:*:*:*:* |
|
| siemens | scalance_mum856-1_\(a1\)_firmware |
Affected:
0 , < 8.2
(custom)
cpe:2.3:o:siemens:scalance_mum856-1_\(a1\)_firmware:-:*:*:*:*:*:*:* |
|
| siemens | scalance_mum853-1_\(a1\)_firmware |
Affected:
0 , < 8.2
(custom)
cpe:2.3:o:siemens:scalance_mum853-1_\(a1\)_firmware:-:*:*:*:*:*:*:* |
|
| siemens | scalance_mum853-1_\(b1\)_firmware |
Affected:
0 , < 8.2
(custom)
cpe:2.3:o:siemens:scalance_mum853-1_\(b1\)_firmware:-:*:*:*:*:*:*:* |
|
| siemens | scalance_mum853-1_\(eu\)_firmware |
Affected:
0 , < 8.2
(custom)
cpe:2.3:o:siemens:scalance_mum853-1_\(eu\)_firmware:-:*:*:*:*:*:*:* |
|
| siemens | scalance_m876-4_firmware |
Affected:
0 , < 8.2
(custom)
cpe:2.3:o:siemens:scalance_m876-4_\(eu\)_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:scalance_m876-4_firmware:-:*:*:*:*:*:*:* |
|
| siemens | scalance_m876-3_firmware |
Affected:
0 , < 8.2
(custom)
cpe:2.3:o:siemens:scalance_m876-3_firmware:-:*:*:*:*:*:*:* |
|
| siemens | scalance_m812-1_\(annex_b\)_firmware |
Affected:
0 , < 8.2
(custom)
cpe:2.3:o:siemens:scalance_m812-1_\(annex_a\)_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:scalance_m812-1_\(annex_b\)_firmware:-:*:*:*:*:*:*:* |
|
| siemens | scalance_m804pb_firmware |
Affected:
0 , < 8.2
(custom)
cpe:2.3:o:siemens:scalance_m804pb_firmware:-:*:*:*:*:*:*:* |
|
| siemens | ruggedcom_rm1224_lte\(4g\)_nam_firmware |
Affected:
0 , < 8.2
(custom)
cpe:2.3:o:siemens:ruggedcom_rm1224_lte\(4g\)_eu_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:siemens:ruggedcom_rm1224_lte\(4g\)_nam_firmware:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:siemens:scalance_m874-3_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scalance_m874-3_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:scalance_m816-1_\\(annex_a\\)_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:siemens:scalance_m816-1_\\(annex_b\\)_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scalance_m816-1_\\(annex_b\\)_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:scalance_s615_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scalance_s615_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:scalance_s615_eec_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scalance_s615_eec_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:scalance_mum856-1_\\(row\\)_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scalance_mum856-1_\\(row\\)_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:scalance_mum856-1_\\(eu\\)_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scalance_mum856-1_\\(eu\\)_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:scalance_mum856-1_\\(cn\\)_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scalance_mum856-1_\\(cn\\)_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:scalance_mum856-1_\\(b1\\)_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scalance_mum856-1_\\(b1\\)_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:scalance_mum856-1_\\(a1\\)_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scalance_mum856-1_\\(a1\\)_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:scalance_mum853-1_\\(a1\\)_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scalance_mum853-1_\\(a1\\)_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:scalance_mum853-1_\\(b1\\)_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scalance_mum853-1_\\(b1\\)_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:scalance_mum853-1_\\(eu\\)_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scalance_mum853-1_\\(eu\\)_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:scalance_m876-4_\\(eu\\)_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:siemens:scalance_m876-4_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scalance_m876-4_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:scalance_m876-3_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scalance_m876-3_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:scalance_m812-1_\\(annex_a\\)_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:siemens:scalance_m812-1_\\(annex_b\\)_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scalance_m812-1_\\(annex_b\\)_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:scalance_m804pb_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "scalance_m804pb_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:siemens:ruggedcom_rm1224_lte\\(4g\\)_eu_firmware:-:*:*:*:*:*:*:*",
"cpe:2.3:o:siemens:ruggedcom_rm1224_lte\\(4g\\)_nam_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ruggedcom_rm1224_lte\\(4g\\)_nam_firmware",
"vendor": "siemens",
"versions": [
{
"lessThan": "8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50572",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T16:51:10.879106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T16:51:19.040Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RM1224 LTE(4G) EU",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RM1224 LTE(4G) NAM",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M804PB",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M812-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M812-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M816-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M816-1 ADSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M826-2 SHDSL-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M874-2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M874-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M874-3 3G-Router (CN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-3 (ROK)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE M876-4 (NAM)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM853-1 (A1)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM853-1 (B1)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM853-1 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (A1)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (B1)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (CN)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (EU)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE MUM856-1 (RoW)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE S615 EEC LAN-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE S615 LAN-Router",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAB762-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM763-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM763-1 (ME)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM763-1 (US)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 (ME)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 (US)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 EEC",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 EEC (ME)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WAM766-1 EEC (US)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUB762-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUB762-1 iFeatures",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM763-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM763-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM763-1 (US)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM763-1 (US)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM766-1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM766-1 (ME)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SCALANCE WUM766-1 (USA)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions \u003c V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions \u003c V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions \u003c V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions \u003c V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions \u003c V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions \u003c V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions \u003c V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions \u003c V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions \u003c V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions \u003c V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions \u003c V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions \u003c V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions \u003c V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions \u003c V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions \u003c V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions \u003c V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions \u003c V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions \u003c V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions \u003c V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions \u003c V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions \u003c V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions \u003c V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions \u003c V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions \u003c V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All versions \u003c V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions \u003c V8.2), SCALANCE WAB762-1 (6GK5762-1AJ00-6AA0) (All versions \u003c V3.0.0), SCALANCE WAM763-1 (6GK5763-1AL00-7DA0) (All versions \u003c V3.0.0), SCALANCE WAM763-1 (ME) (6GK5763-1AL00-7DC0) (All versions \u003c V3.0.0), SCALANCE WAM763-1 (US) (6GK5763-1AL00-7DB0) (All versions \u003c V3.0.0), SCALANCE WAM766-1 (6GK5766-1GE00-7DA0) (All versions \u003c V3.0.0), SCALANCE WAM766-1 (ME) (6GK5766-1GE00-7DC0) (All versions \u003c V3.0.0), SCALANCE WAM766-1 (US) (6GK5766-1GE00-7DB0) (All versions \u003c V3.0.0), SCALANCE WAM766-1 EEC (6GK5766-1GE00-7TA0) (All versions \u003c V3.0.0), SCALANCE WAM766-1 EEC (ME) (6GK5766-1GE00-7TC0) (All versions \u003c V3.0.0), SCALANCE WAM766-1 EEC (US) (6GK5766-1GE00-7TB0) (All versions \u003c V3.0.0), SCALANCE WUB762-1 (6GK5762-1AJ00-1AA0) (All versions \u003c V3.0.0), SCALANCE WUB762-1 iFeatures (6GK5762-1AJ00-2AA0) (All versions \u003c V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3AA0) (All versions \u003c V3.0.0), SCALANCE WUM763-1 (6GK5763-1AL00-3DA0) (All versions \u003c V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3AB0) (All versions \u003c V3.0.0), SCALANCE WUM763-1 (US) (6GK5763-1AL00-3DB0) (All versions \u003c V3.0.0), SCALANCE WUM766-1 (6GK5766-1GE00-3DA0) (All versions \u003c V3.0.0), SCALANCE WUM766-1 (ME) (6GK5766-1GE00-3DC0) (All versions \u003c V3.0.0), SCALANCE WUM766-1 (USA) (6GK5766-1GE00-3DB0) (All versions \u003c V3.0.0). Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-11T10:28:50.351Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-354112.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-769027.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-50572",
"datePublished": "2024-11-12T12:50:08.911Z",
"dateReserved": "2024-10-24T13:47:50.881Z",
"dateUpdated": "2025-02-11T10:28:50.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5184 (GCVE-0-2024-5184)
Vulnerability from cvelistv5 – Published: 2024-06-05 17:52 – Updated: 2024-08-01 21:03
VLAI
Title
Prompt Injection in EmailGPT
Summary
The EmailGPT service contains a prompt injection vulnerability. The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can exploit the issue by forcing the AI service to leak the standard hard-coded system prompts and/or execute unwanted prompts. When engaging with EmailGPT by submitting a malicious prompt that requests harmful information, the system will respond by providing the requested data. This vulnerability can be exploited by any individual with access to the service.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
1 reference
Impacted products
Date Public
2024-06-05 13:00
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:emailgpt:emailgpt:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "emailgpt",
"vendor": "emailgpt",
"versions": [
{
"lessThanOrEqual": "eecfaf2cff58793549dd0c1266ac1d62e0c8811d",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5184",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T13:10:04.946112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T13:12:29.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:03:11.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-prompt-injection-emailgpt.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "EmailGPT",
"vendor": "EmailGPT",
"versions": [
{
"lessThanOrEqual": "eecfaf2cff58793549dd0c1266ac1d62e0c8811d",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mohammed Alshehri"
}
],
"datePublic": "2024-06-05T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The EmailGPT service contains a prompt injection vulnerability.\u0026nbsp;The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can exploit the issue by forcing the AI service to leak the standard hard-coded system prompts and/or execute unwanted prompts.\u0026nbsp;When engaging with EmailGPT by submitting a malicious prompt that requests harmful information, the system will respond by providing the requested data. This vulnerability can be exploited by any individual with access to the service."
}
],
"value": "The EmailGPT service contains a prompt injection vulnerability.\u00a0The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can exploit the issue by forcing the AI service to leak the standard hard-coded system prompts and/or execute unwanted prompts.\u00a0When engaging with EmailGPT by submitting a malicious prompt that requests harmful information, the system will respond by providing the requested data. This vulnerability can be exploited by any individual with access to the service."
}
],
"impacts": [
{
"capecId": "CAPEC-43",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-43: Exploiting Multiple Input Interpretation Layers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T17:52:13.608Z",
"orgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
"shortName": "SNPS"
},
"references": [
{
"url": "https://www.synopsys.com/blogs/software-security/cyrc-advisory-prompt-injection-emailgpt.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Prompt Injection in EmailGPT",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cad7728-009c-4a3d-a95e-ca62e6ff8a0b",
"assignerShortName": "SNPS",
"cveId": "CVE-2024-5184",
"datePublished": "2024-06-05T17:52:13.608Z",
"dateReserved": "2024-05-21T20:04:48.843Z",
"dateUpdated": "2024-08-01T21:03:11.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5193 (GCVE-0-2024-5193)
Vulnerability from cvelistv5 – Published: 2024-05-22 10:31 – Updated: 2026-01-05 19:02 X_Open Source
VLAI
Title
Ritlabs TinyWeb Server Request crlf injection
Summary
A security vulnerability has been detected in Ritlabs TinyWeb Server 1.94. This vulnerability affects unknown code of the component Request Handler. The manipulation with the input %0D%0A leads to crlf injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 1.99 is able to resolve this issue. The identifier of the patch is d49c3da6a97e950975b18626878f3ee1f082358e. It is suggested to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.265830 | vdb-entrytechnical-descriptionmitigationpatch |
| https://vuldb.com/?ctiid.265830 | signaturepermissions-required |
| https://vuldb.com/?submit.333059 | third-party-advisory |
| https://github.com/DMCERTCE/CRLF_Tiny | exploit |
| https://github.com/maximmasiutin/TinyWeb/commit/d… | patch |
| https://github.com/maximmasiutin/TinyWeb/releases… | patch |
| https://www.masiutin.net/tinyweb-cve-2024-5193.html | mitigation |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Ritlabs | TinyWeb Server |
Affected:
1.94
Unaffected: 1.99 |
|
| ritlabs | tinyweb |
Affected:
1.94
cpe:2.3:a:ritlabs:tinyweb:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ritlabs:tinyweb:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tinyweb",
"vendor": "ritlabs",
"versions": [
{
"status": "affected",
"version": "1.94"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5193",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T15:07:07.893860Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:01:44.689Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:03:11.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-265830 | Ritlabs TinyWeb Server Request crlf injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.265830"
},
{
"name": "VDB-265830 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.265830"
},
{
"name": "Submit #333059 | Ritlabs TinyWeb Server 1.94 CRLF Injection",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.333059"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/DMCERTCE/CRLF_Tiny"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Request Handler"
],
"product": "TinyWeb Server",
"vendor": "Ritlabs",
"versions": [
{
"status": "affected",
"version": "1.94"
},
{
"status": "unaffected",
"version": "1.99"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Senatorhotchkiss (VulDB User)"
},
{
"lang": "en",
"type": "analyst",
"value": "maximmasiutin (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in Ritlabs TinyWeb Server 1.94. This vulnerability affects unknown code of the component Request Handler. The manipulation with the input %0D%0A leads to crlf injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 1.99 is able to resolve this issue. The identifier of the patch is d49c3da6a97e950975b18626878f3ee1f082358e. It is suggested to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CRLF Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T19:02:50.252Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-265830 | Ritlabs TinyWeb Server Request crlf injection",
"tags": [
"vdb-entry",
"technical-description",
"mitigation",
"patch"
],
"url": "https://vuldb.com/?id.265830"
},
{
"name": "VDB-265830 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.265830"
},
{
"name": "Submit #333059 | Ritlabs TinyWeb Server 1.94 CRLF Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.333059"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/DMCERTCE/CRLF_Tiny"
},
{
"tags": [
"patch"
],
"url": "https://github.com/maximmasiutin/TinyWeb/commit/d49c3da6a97e950975b18626878f3ee1f082358e"
},
{
"tags": [
"patch"
],
"url": "https://github.com/maximmasiutin/TinyWeb/releases/tag/v1.99"
},
{
"tags": [
"mitigation"
],
"url": "https://www.masiutin.net/tinyweb-cve-2024-5193.html"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2024-05-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-05-22T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-01-05T00:00:00.000Z",
"value": "Countermeasure disclosed"
},
{
"lang": "en",
"time": "2026-01-05T20:07:13.000Z",
"value": "VulDB entry last update"
}
],
"title": "Ritlabs TinyWeb Server Request crlf injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-5193",
"datePublished": "2024-05-22T10:31:04.297Z",
"dateReserved": "2024-05-22T05:12:12.895Z",
"dateUpdated": "2026-01-05T19:02:50.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-52004 (GCVE-0-2024-52004)
Vulnerability from cvelistv5 – Published: 2024-11-08 22:10 – Updated: 2024-11-12 19:56
VLAI
Title
Remote code execution vulnerabilities in MediaCMS
Summary
MediaCMS is an open source video and media CMS, written in Python/Django and React, featuring a REST API. MediaCMS has been prone to vulnerabilities that upon special cases can lead to remote code execution. All versions before v4.1.0 are susceptible, and users are highly recommended to upgrade. The vulnerabilities are related with insufficient input validation while uploading media content. The condition to exploit the vulnerability is that the portal allows users to upload content. This issue has been patched in version 4.1.0. There are no known workarounds for this vulnerability.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/mediacms-io/mediacms/security/… | x_refsource_CONFIRM |
| https://github.com/mediacms-io/mediacms/blob/main… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| mediacms-io | mediacms |
Affected:
< 4.1.0
|
|
| mediacms | mediacms |
Affected:
0 , < 4.1.0
(custom)
cpe:2.3:a:mediacms:mediacms:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mediacms:mediacms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mediacms",
"vendor": "mediacms",
"versions": [
{
"lessThan": "4.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52004",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T19:55:01.462568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T19:56:53.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mediacms",
"vendor": "mediacms-io",
"versions": [
{
"status": "affected",
"version": "\u003c 4.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MediaCMS is an open source video and media CMS, written in Python/Django and React, featuring a REST API. MediaCMS has been prone to vulnerabilities that upon special cases can lead to remote code execution. All versions before v4.1.0 are susceptible, and users are highly recommended to upgrade.\u00a0The vulnerabilities are related with insufficient input validation while uploading media content. The condition to exploit the vulnerability is that the portal allows users to upload content. This issue has been patched in version 4.1.0. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T22:10:07.361Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mediacms-io/mediacms/security/advisories/GHSA-x3p4-4442-q2c3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mediacms-io/mediacms/security/advisories/GHSA-x3p4-4442-q2c3"
},
{
"name": "https://github.com/mediacms-io/mediacms/blob/main/docs/admins_docs.md",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mediacms-io/mediacms/blob/main/docs/admins_docs.md"
}
],
"source": {
"advisory": "GHSA-x3p4-4442-q2c3",
"discovery": "UNKNOWN"
},
"title": "Remote code execution vulnerabilities in\u00a0MediaCMS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-52004",
"datePublished": "2024-11-08T22:10:07.361Z",
"dateReserved": "2024-11-04T17:46:16.778Z",
"dateUpdated": "2024-11-12T19:56:53.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53263 (GCVE-0-2024-53263)
Vulnerability from cvelistv5 – Published: 2025-01-14 19:33 – Updated: 2026-02-26 19:09
VLAI
Title
Git LFS permits exfiltration of credentials via crafted HTTP URLs
Summary
Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the `git-credential(1)` command without checking for embedded line-ending control characters, and then sends any credentials it receives back from the Git credential helper to the remote host. By inserting URL-encoded control characters such as line feed (LF) or carriage return (CR) characters into the URL, an attacker may be able to retrieve a user's Git credentials. This problem exists in all previous versions and is patched in v3.6.1. All users should upgrade to v3.6.1. There are no workarounds known at this time.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/git-lfs/git-lfs/security/advis… | x_refsource_CONFIRM |
| https://github.com/git-lfs/git-lfs/commit/0345b6f… | x_refsource_MISC |
| https://github.com/git-lfs/git-lfs/releases/tag/v3.6.1 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2025… |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53263",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T04:55:25.805317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:09:07.898Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-01-23T18:03:25.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "git-lfs",
"vendor": "git-lfs",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.1.0, \u003c 3.6.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host\u0027s URL to the `git-credential(1)` command without checking for embedded line-ending control characters, and then sends any credentials it receives back from the Git credential helper to the remote host. By inserting URL-encoded control characters such as line feed (LF) or carriage return (CR) characters into the URL, an attacker may be able to retrieve a user\u0027s Git credentials. This problem exists in all previous versions and is patched in v3.6.1. All users should upgrade to v3.6.1. There are no workarounds known at this time."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T19:33:21.876Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/git-lfs/git-lfs/security/advisories/GHSA-q6r2-x2cc-vrp7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/git-lfs/git-lfs/security/advisories/GHSA-q6r2-x2cc-vrp7"
},
{
"name": "https://github.com/git-lfs/git-lfs/commit/0345b6f816e611d050c0df67b61f0022916a1c90",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/git-lfs/git-lfs/commit/0345b6f816e611d050c0df67b61f0022916a1c90"
},
{
"name": "https://github.com/git-lfs/git-lfs/releases/tag/v3.6.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/git-lfs/git-lfs/releases/tag/v3.6.1"
}
],
"source": {
"advisory": "GHSA-q6r2-x2cc-vrp7",
"discovery": "UNKNOWN"
},
"title": "Git LFS permits exfiltration of credentials via crafted HTTP URLs"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-53263",
"datePublished": "2025-01-14T19:33:21.876Z",
"dateReserved": "2024-11-19T20:08:14.481Z",
"dateUpdated": "2026-02-26T19:09:07.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-53860 (GCVE-0-2024-53860)
Vulnerability from cvelistv5 – Published: 2024-11-27 21:31 – Updated: 2024-12-02 22:27
VLAI
Title
Potential Abuse for Sending Arbitrary Emails in sp-php-email-handler
Summary
sp-php-email-handler is a PHP package for handling contact form submissions. Messages sent using this script are vulnerable to abuse, as the script allows anybody to specify arbitrary email recipients and include user-provided content in confirmation emails. This could enable malicious actors to use your server to send spam, phishing emails, or other malicious content, potentially damaging your domain's reputation and leading to blacklisting by email providers. Patched in version 1.0.0 by removing user-provided content from confirmation emails. All pre-release versions (alpha and beta) are vulnerable to this issue and should not be used. There are no workarounds for this issue. Users must upgrade to version 1.0.0 to mitigate the vulnerability.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Spencer14420/SPEmailHandler-PH… | x_refsource_CONFIRM |
| https://github.com/Spencer14420/SPEmailHandler-PH… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Spencer14420 | SPEmailHandler-PHP |
Affected:
< 1.0.0
|
|
| spencer14420 | spemailhandler-php |
Affected:
0 , < 1.0.0
(custom)
cpe:2.3:a:spencer14420:spemailhandler-php:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:spencer14420:spemailhandler-php:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "spemailhandler-php",
"vendor": "spencer14420",
"versions": [
{
"lessThan": "1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53860",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-02T22:24:38.674760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T22:27:22.606Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SPEmailHandler-PHP",
"vendor": "Spencer14420",
"versions": [
{
"status": "affected",
"version": "\u003c 1.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "sp-php-email-handler is a PHP package for handling contact form submissions. Messages sent using this script are vulnerable to abuse, as the script allows anybody to specify arbitrary email recipients and include user-provided content in confirmation emails. This could enable malicious actors to use your server to send spam, phishing emails, or other malicious content, potentially damaging your domain\u0027s reputation and leading to blacklisting by email providers. Patched in version 1.0.0 by removing user-provided content from confirmation emails. All pre-release versions (alpha and beta) are vulnerable to this issue and should not be used. There are no workarounds for this issue. Users must upgrade to version 1.0.0 to mitigate the vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T21:31:07.431Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Spencer14420/SPEmailHandler-PHP/security/advisories/GHSA-mj5r-x73q-fjw6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Spencer14420/SPEmailHandler-PHP/security/advisories/GHSA-mj5r-x73q-fjw6"
},
{
"name": "https://github.com/Spencer14420/SPEmailHandler-PHP/commit/6f00dd0d44ff27889aed2980a5ba06e60d83549d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Spencer14420/SPEmailHandler-PHP/commit/6f00dd0d44ff27889aed2980a5ba06e60d83549d"
}
],
"source": {
"advisory": "GHSA-mj5r-x73q-fjw6",
"discovery": "UNKNOWN"
},
"title": "Potential Abuse for Sending Arbitrary Emails in sp-php-email-handler"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-53860",
"datePublished": "2024-11-27T21:31:07.431Z",
"dateReserved": "2024-11-22T17:30:02.144Z",
"dateUpdated": "2024-12-02T22:27:22.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-56835 (GCVE-0-2024-56835)
Vulnerability from cvelistv5 – Published: 2025-12-09 10:44 – Updated: 2026-01-13 09:43
VLAI
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). The DHCP Server configuration file of the affected products is subject to code injection. An attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
1 reference
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX MX5000RE |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1400 |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1500 |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1501 |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1510 |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1511 |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1512 |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1524 |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1536 |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX5000 |
Affected:
0 , < V2.17.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56835",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T14:29:27.215015Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T14:29:32.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.0). The DHCP Server configuration file of the affected products is subject to code injection. An attacker could leverage this vulnerability to spawn a reverse shell and gain root access on the affected system."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T09:43:49.860Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-56835",
"datePublished": "2025-12-09T10:44:13.701Z",
"dateReserved": "2025-01-03T10:21:11.980Z",
"dateUpdated": "2026-01-13T09:43:49.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-56838 (GCVE-0-2024-56838)
Vulnerability from cvelistv5 – Published: 2025-12-09 10:44 – Updated: 2026-01-13 09:43
VLAI
Summary
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). The SCEP client available in the affected device for secure certificate enrollment lacks validation of multiple fields. An attacker could leverage this scenario to execute arbitrary code as root user.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Assigner
References
1 reference
Impacted products
11 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | RUGGEDCOM ROX MX5000 |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX MX5000RE |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1400 |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1500 |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1501 |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1510 |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1511 |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1512 |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1524 |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX1536 |
Affected:
0 , < V2.17.0
(custom)
|
|
| Siemens | RUGGEDCOM ROX RX5000 |
Affected:
0 , < V2.17.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56838",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T14:28:19.803546Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T14:28:27.518Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions \u003c V2.17.0), RUGGEDCOM ROX MX5000RE (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1400 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1500 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1501 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1510 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1511 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1512 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1524 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX1536 (All versions \u003c V2.17.0), RUGGEDCOM ROX RX5000 (All versions \u003c V2.17.0). The SCEP client available in the affected device for secure certificate enrollment lacks validation of multiple fields. An attacker could leverage this scenario to execute arbitrary code as root user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T09:43:53.194Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-56838",
"datePublished": "2025-12-09T10:44:17.019Z",
"dateReserved": "2025-01-03T10:21:11.980Z",
"dateUpdated": "2026-01-13T09:43:53.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Requirements
Description:
- Programming languages and supporting technologies might be chosen which are not subject to these issues.
Mitigation
Phase: Implementation
Description:
- Utilize an appropriate mix of allowlist and denylist parsing to filter control-plane syntax from all input.
CAPEC-10: Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the adversary finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
CAPEC-101: Server Side Include (SSI) Injection
An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
CAPEC-105: HTTP Request Splitting
['An adversary abuses the flexibility and discrepancies in the parsing and interpretation of HTTP Request messages by different intermediary HTTP agents (e.g., load balancer, reverse proxy, web caching proxies, application firewalls, etc.) to split a single HTTP request into multiple unauthorized and malicious HTTP requests to a back-end HTTP agent (e.g., web server).', 'See CanPrecede relationships for possible consequences.']
CAPEC-108: Command Line Execution through SQL Injection
An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.
CAPEC-120: Double Encoding
The adversary utilizes a repeating of the encoding process for a set of characters (that is, character encoding a character encoding of a character) to obfuscate the payload of a particular request. This may allow the adversary to bypass filters that attempt to detect illegal characters or strings, such as those that might be used in traversal or injection attacks. Filters may be able to catch illegal encoded strings, but may not catch doubly encoded strings. For example, a dot (.), often used in path traversal attacks and therefore often blocked by filters, could be URL encoded as %2E. However, many filters recognize this encoding and would still block the request. In a double encoding, the % in the above URL encoding would be encoded again as %25, resulting in %252E which some filters might not catch, but which could still be interpreted as a dot (.) by interpreters on the target.
CAPEC-13: Subverting Environment Variable Values
The adversary directly or indirectly modifies environment variables used by or controlling the target software. The adversary's goal is to cause the target software to deviate from its expected operation in a manner that benefits the adversary.
CAPEC-135: Format String Injection
An adversary includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting character. For example, in certain functions of the C programming languages such as printf, the formatting character %s will print the contents of a memory location expecting this location to identify a string and the formatting character %n prints the number of DWORD written in the memory. An adversary can use this to read or write to memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes and writing memory could result in the execution of arbitrary code if the adversary can write to the program stack.
CAPEC-14: Client-side Injection-induced Buffer Overflow
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service. This hostile service is created to deliver the correct content to the client software. For example, if the client-side application is a browser, the service will host a webpage that the browser loads.
CAPEC-24: Filter Failure through Buffer Overflow
In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
CAPEC-250: XML Injection
An attacker utilizes crafted XML user-controllable input to probe, attack, and inject data into the XML database, using techniques similar to SQL injection. The user-controllable input can allow for unauthorized viewing of data, bypassing authentication or the front-end application for direct XML database access, and possibly altering database information.
CAPEC-267: Leverage Alternate Encoding
An adversary leverages the possibility to encode potentially harmful input or content used by applications such that the applications are ineffective at validating this encoding standard.
CAPEC-273: HTTP Response Smuggling
['An adversary manipulates and injects malicious content in the form of secret unauthorized HTTP responses, into a single HTTP response from a vulnerable or compromised back-end HTTP agent (e.g., server).', 'See CanPrecede relationships for possible consequences.']
CAPEC-28: Fuzzing
In this attack pattern, the adversary leverages fuzzing to try to identify weaknesses in the system. Fuzzing is a software security and functionality testing method that feeds randomly constructed input to the system and looks for an indication that a failure in response to that input has occurred. Fuzzing treats the system as a black box and is totally free from any preconceptions or assumptions about the system. Fuzzing can help an attacker discover certain assumptions made about user input in the system. Fuzzing gives an attacker a quick way of potentially uncovering some of these assumptions despite not necessarily knowing anything about the internals of the system. These assumptions can then be turned against the system by specially crafting user input that may allow an attacker to achieve their goals.
CAPEC-3: Using Leading 'Ghost' Character Sequences to Bypass Input Filters
Some APIs will strip certain leading characters from a string of parameters. An adversary can intentionally introduce leading "ghost" characters (extra characters that don't affect the validity of the request at the API layer) that enable the input to pass the filters and therefore process the adversary's input. This occurs when the targeted API will accept input data in several syntactic forms and interpret it in the equivalent semantic way, while the filter does not take into account the full spectrum of the syntactic forms acceptable to the targeted API.
CAPEC-34: HTTP Response Splitting
['An adversary manipulates and injects malicious content, in the form of secret unauthorized HTTP responses, into a single HTTP response from a vulnerable or compromised back-end HTTP agent (e.g., web server) or into an already spoofed HTTP response from an adversary controlled domain/site.', 'See CanPrecede relationships for possible consequences.']
CAPEC-42: MIME Conversion
An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
CAPEC-43: Exploiting Multiple Input Interpretation Layers
An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiples passes over the input data and processing a "layer" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: <parser1> --> <input validator> --> <parser2>. In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.
CAPEC-45: Buffer Overflow via Symbolic Links
This type of attack leverages the use of symbolic links to cause buffer overflows. An adversary can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
CAPEC-46: Overflow Variables and Tags
This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The adversary crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
CAPEC-47: Buffer Overflow via Parameter Expansion
In this attack, the target software is given input that the adversary knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
CAPEC-51: Poison Web Service Registry
SOA and Web Services often use a registry to perform look up, get schema information, and metadata about services. A poisoned registry can redirect (think phishing for servers) the service requester to a malicious service provider, provide incorrect information in schema or metadata, and delete information about service provider interfaces.
CAPEC-52: Embedding NULL Bytes
An adversary embeds one or more null bytes in input to the target software. This attack relies on the usage of a null-valued byte as a string terminator in many environments. The goal is for certain components of the target software to stop processing the input when it encounters the null byte(s).
CAPEC-53: Postfix, Null Terminate, and Backslash
If a string is passed through a filter of some kind, then a terminal NULL may not be valid. Using alternate representation of NULL allows an adversary to embed the NULL mid-string while postfixing the proper data so that the filter is avoided. One example is a filter that looks for a trailing slash character. If a string insertion is possible, but the slash must exist, an alternate encoding of NULL in mid-string may be used.
CAPEC-6: Argument Injection
An attacker changes the behavior or state of a targeted application through injecting data or command syntax through the targets use of non-validated and non-filtered arguments of exposed services or methods.
CAPEC-64: Using Slashes and URL Encoding Combined to Bypass Validation Logic
This attack targets the encoding of the URL combined with the encoding of the slash characters. An attacker can take advantage of the multiple ways of encoding a URL and abuse the interpretation of the URL. A URL may contain special character that need special syntax handling in order to be interpreted. Special characters are represented using a percentage character followed by two digits representing the octet code of the original character (%HEX-CODE). For instance US-ASCII space character would be represented with %20. This is often referred as escaped ending or percent-encoding. Since the server decodes the URL from the requests, it may restrict the access to some URL paths by validating and filtering out the URL requests it received. An attacker will try to craft an URL with a sequence of special characters which once interpreted by the server will be equivalent to a forbidden URL. It can be difficult to protect against this attack since the URL can contain other format of encoding such as UTF-8 encoding, Unicode-encoding, etc.
CAPEC-67: String Format Overflow in syslog()
This attack targets applications and software that uses the syslog() function insecurely. If an application does not explicitely use a format string parameter in a call to syslog(), user input can be placed in the format string parameter leading to a format string injection attack. Adversaries can then inject malicious format string commands into the function call leading to a buffer overflow. There are many reported software vulnerabilities with the root cause being a misuse of the syslog() function.
CAPEC-7: Blind SQL Injection
Blind SQL Injection results from an insufficient mitigation for SQL Injection. Although suppressing database error messages are considered best practice, the suppression alone is not sufficient to prevent SQL Injection. Blind SQL Injection is a form of SQL Injection that overcomes the lack of error messages. Without the error messages that facilitate SQL Injection, the adversary constructs input strings that probe the target through simple Boolean SQL expressions. The adversary can determine if the syntax and structure of the injection was successful based on whether the query was executed or not. Applied iteratively, the adversary determines how and where the target is vulnerable to SQL Injection.
CAPEC-71: Using Unicode Encoding to Bypass Validation Logic
An attacker may provide a Unicode string to a system component that is not Unicode aware and use that to circumvent the filter or cause the classifying mechanism to fail to properly understanding the request. That may allow the attacker to slip malicious data past the content filter and/or possibly cause the application to route the request incorrectly.
CAPEC-72: URL Encoding
This attack targets the encoding of the URL. An adversary can take advantage of the multiple way of encoding an URL and abuse the interpretation of the URL.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
CAPEC-78: Using Escaped Slashes in Alternate Encoding
This attack targets the use of the backslash in alternate encoding. An adversary can provide a backslash as a leading character and causes a parser to believe that the next character is special. This is called an escape. By using that trick, the adversary tries to exploit alternate ways to encode the same character which leads to filter problems and opens avenues to attack.
CAPEC-79: Using Slashes in Alternate Encoding
This attack targets the encoding of the Slash characters. An adversary would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the adversary many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
CAPEC-8: Buffer Overflow in an API Call
This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An adversary who has knowledge of known vulnerable libraries or shared code can easily target software that makes use of these libraries. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
CAPEC-80: Using UTF-8 Encoding to Bypass Validation Logic
This attack is a specific variation on leveraging alternate encodings to bypass validation logic. This attack leverages the possibility to encode potentially harmful input in UTF-8 and submit it to applications not expecting or effective at validating this encoding standard making input filtering difficult. UTF-8 (8-bit UCS/Unicode Transformation Format) is a variable-length character encoding for Unicode. Legal UTF-8 characters are one to four bytes long. However, early version of the UTF-8 specification got some entries wrong (in some cases it permitted overlong characters). UTF-8 encoders are supposed to use the "shortest possible" encoding, but naive decoders may accept encodings that are longer than necessary. According to the RFC 3629, a particularly subtle form of this attack can be carried out against a parser which performs security-critical validity checks against the UTF-8 encoded form of its input, but interprets certain illegal octet sequences as characters.
CAPEC-83: XPath Injection
An attacker can craft special user-controllable input consisting of XPath expressions to inject the XML database and bypass authentication or glean information that they normally would not be able to. XPath Injection enables an attacker to talk directly to the XML database, thus bypassing the application completely. XPath Injection results from the failure of an application to properly sanitize input used as part of dynamic XPath expressions used to query an XML database.
CAPEC-84: XQuery Injection
This attack utilizes XQuery to probe and attack server systems; in a similar manner that SQL Injection allows an attacker to exploit SQL calls to RDBMS, XQuery Injection uses improperly validated data that is passed to XQuery commands to traverse and execute commands that the XQuery routines have access to. XQuery injection can be used to enumerate elements on the victim's environment, inject commands to the local host, or execute queries to remote files and data sources.
CAPEC-9: Buffer Overflow in Local Command-Line Utilities
This attack targets command-line utilities available in a number of shells. An adversary can leverage a vulnerability found in a command-line utility to escalate privilege to root.