All the vulnerabilites related to Moxa - EDR-8010 Series
cve-2024-9139
Vulnerability from cvelistv5
Published
2024-10-14 08:20
Modified
2024-11-06 20:47
Severity ?
8.6 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS score ?
Summary
OS Command Injection in Restricted Command
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:moxa:edr-8010_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "edr-8010_firmware", "vendor": "moxa", "versions": [ { "lessThanOrEqual": "3.12.1", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:moxa:edr-g9004_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "edr-g9004_firmware", "vendor": "moxa", "versions": [ { "lessThanOrEqual": "3.12.1", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:moxa:edr-g9010_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "edr-g9010_firmware", "vendor": "moxa", "versions": [ { "lessThanOrEqual": "3.12.1", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:moxa:edf-g1002-bp_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "edf-g1002-bp_firmware", "vendor": "moxa", "versions": [ { "lessThanOrEqual": "3.12.1", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:moxa:nat-102_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nat-102_firmware", "vendor": "moxa", "versions": [ { "lessThanOrEqual": "1.0.5", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:moxa:oncell_g4302-lte4_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "oncell_g4302-lte4_firmware", "vendor": "moxa", "versions": [ { "lessThanOrEqual": "3.9", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:moxa:tn-4900_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "tn-4900_firmware", "vendor": "moxa", "versions": [ { "lessThanOrEqual": "3.6", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:moxa:edr-810_firmware:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "edr-810_firmware", "vendor": "moxa", "versions": [ { "lessThanOrEqual": "5.12.33", "status": "affected", "version": "1.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-9139", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-14T15:23:34.875609Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-06T20:47:06.342Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "EDR-8010 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "3.12.1", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "EDR-G9004 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "3.12.1", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "EDR-G9010 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "3.12.1", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "EDF-G1002-BP Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "3.12.1", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "NAT-102 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "1.0.5", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "OnCell G4302-LTE4 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "3.9", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "TN-4900 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "3.6", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "EDR-810 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "5.12.33", "status": "affected", "version": "1.0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lars Haulin" } ], "datePublic": "2024-10-14T08:20:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eThe affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code.\u003c/p\u003e" } ], "value": "The affected product permits OS command injection through improperly restricted commands, potentially allowing attackers to execute arbitrary code." } ], "impacts": [ { "capecId": "CAPEC-88", "descriptions": [ { "lang": "en", "value": "CAPEC-88 OS Command Injection" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.6, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-25T06:39:57.957Z", "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eMoxa has developed appropriate solutions to address the vulnerabilities. The solutions for the affected products are shown below.\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eEDR-8010 Series: Upgrade to the firmware version 3.13 or later version.\u003c/span\u003e\u003c/li\u003e\u003cli\u003eEDR-G9004 Series: Upgrade to the firmware version 3.13 or later version.\u003c/li\u003e\u003cli\u003eEDR-G9010 Series: Upgrade to the firmware version 3.13 or later version.\u003c/li\u003e\u003cli\u003eEDF-G1002-BP Series: Upgrade to the firmware version 3.13 or later version.\u003c/li\u003e\u003cli\u003eNAT-102 Series: Please contact Moxa Technical Support for the security patch.\u003c/li\u003e\u003cli\u003eOnCell G4302-LTE4 Series: Upgrade to the firmware version 3.13 or later version.\u003c/li\u003e\u003cli\u003eTN-4900 Series: Upgrade to the firmware version 3.13 or later version.\u003c/li\u003e\u003cli\u003eEDR-810 Series: Upgrade to the firmware version 5.12.37 or later version.\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e" } ], "value": "Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for the affected products are shown below.\n\n * EDR-8010 Series: Upgrade to the firmware version 3.13 or later version.\n * EDR-G9004 Series: Upgrade to the firmware version 3.13 or later version.\n * EDR-G9010 Series: Upgrade to the firmware version 3.13 or later version.\n * EDF-G1002-BP Series: Upgrade to the firmware version 3.13 or later version.\n * NAT-102 Series: Please contact Moxa Technical Support for the security patch.\n * OnCell G4302-LTE4 Series: Upgrade to the firmware version 3.13 or later version.\n * TN-4900 Series: Upgrade to the firmware version 3.13 or later version.\n * EDR-810 Series: Upgrade to the firmware version 5.12.37 or later version." } ], "source": { "discovery": "EXTERNAL" }, "title": "OS Command Injection in Restricted Command", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eMinimize network exposure to ensure the device is not accessible from the Internet.\u003c/li\u003e\u003cli\u003eLimit web access to trusted IP addresses and networks by using firewall rules or TCP wrappers.\u003c/li\u003e\u003cli\u003eImplement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n\n\u003cbr\u003e" } ], "value": "* Minimize network exposure to ensure the device is not accessible from the Internet.\n * Limit web access to trusted IP addresses and networks by using firewall rules or TCP wrappers.\n * Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks." } ], "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "assignerShortName": "Moxa", "cveId": "CVE-2024-9139", "datePublished": "2024-10-14T08:20:52.200Z", "dateReserved": "2024-09-24T07:11:43.318Z", "dateUpdated": "2024-11-06T20:47:06.342Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-9137
Vulnerability from cvelistv5
Published
2024-10-14 08:09
Modified
2024-10-15 14:32
Severity ?
8.8 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
9.4 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
EPSS score ?
Summary
Moxa Service Missing Authentication for Critical Function
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:moxa:edr-g9010:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "edr-g9010", "vendor": "moxa", "versions": [ { "lessThanOrEqual": "3.12.1", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:moxa:nat-102:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "nat-102", "vendor": "moxa", "versions": [ { "lessThanOrEqual": "1.0.5", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:moxa:tn-4900:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "tn-4900", "vendor": "moxa", "versions": [ { "lessThanOrEqual": "3.6", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:moxa:oncell_g4302-lte4:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "oncell_g4302-lte4", "vendor": "moxa", "versions": [ { "lessThanOrEqual": "3.9", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:moxa:edf-g1002-bp:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "edf-g1002-bp", "vendor": "moxa", "versions": [ { "lessThanOrEqual": "3.12.1", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:moxa:edr-g9004:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "edr-g9004", "vendor": "moxa", "versions": [ { "lessThanOrEqual": "3.12.1", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:moxa:edr-8010:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "edr-8010", "vendor": "moxa", "versions": [ { "lessThanOrEqual": "3.12.1", "status": "affected", "version": "1.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-9137", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-14T15:27:27.483068Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-15T14:32:26.853Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "EDR-8010 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "3.12.1", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "EDR-G9004 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "3.12.1", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "EDR-G9010 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "3.12.1", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "EDF-G1002-BP Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "3.12.1", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "NAT-102 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "1.0.5", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "OnCell G4302-LTE4 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "3.9", "status": "affected", "version": "1.0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "TN-4900 Series", "vendor": "Moxa", "versions": [ { "lessThanOrEqual": "3.6", "status": "affected", "version": "1.0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Lars Haulin" } ], "datePublic": "2024-10-14T08:07:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eThe affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise.\u003c/p\u003e" } ], "value": "The affected product lacks an authentication check when sending commands to the server via the Moxa service. This vulnerability allows an attacker to execute specified commands, potentially leading to unauthorized downloads or uploads of configuration files and system compromise." } ], "impacts": [ { "capecId": "CAPEC-216", "descriptions": [ { "lang": "en", "value": "CAPEC-216 Communication Channel Manipulation" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.8, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-15T07:56:29.135Z", "orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "shortName": "Moxa" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241154-missing-authentication-and-os-command-injection-vulnerabilities-in-routers-and-network-security-appliances" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eMoxa has developed appropriate solutions to address the vulnerabilities. The solutions for the affected products are shown below.\u003c/p\u003e\u003col\u003e\u003cli\u003eEDR-8010 Series: Upgrade to the firmware version 3.13.\u003c/li\u003e\u003cli\u003eEDR-G9004 Series: Upgrade to the firmware version 3.13.\u003c/li\u003e\u003cli\u003eEDR-G9010 Series: Upgrade to the firmware version 3.13.\u003c/li\u003e\u003cli\u003eEDR-G1002-BP Series: Upgrade to the firmware version 3.13.\u003c/li\u003e\u003cli\u003eNAT-102 Series: Please contact Moxa Technical Support for the security patch.\u003c/li\u003e\u003cli\u003eONCell G4302-LTE4 Series: Upgrade to the firmware version 3.13.\u003c/li\u003e\u003cli\u003eTN-4900 Series: Upgrade to the firmware version 3.13.\u003c/li\u003e\u003c/ol\u003e" } ], "value": "Moxa has developed appropriate solutions to address the vulnerabilities. The solutions for the affected products are shown below.\n\n * EDR-8010 Series: Upgrade to the firmware version 3.13.\n * EDR-G9004 Series: Upgrade to the firmware version 3.13.\n * EDR-G9010 Series: Upgrade to the firmware version 3.13.\n * EDR-G1002-BP Series: Upgrade to the firmware version 3.13.\n * NAT-102 Series: Please contact Moxa Technical Support for the security patch.\n * ONCell G4302-LTE4 Series: Upgrade to the firmware version 3.13.\n * TN-4900 Series: Upgrade to the firmware version 3.13." } ], "source": { "discovery": "EXTERNAL" }, "title": "Moxa Service Missing Authentication for Critical Function", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eMinimize network exposure to ensure the device is not accessible from the Internet.\u003c/li\u003e\u003cli\u003eLimit web access to trusted IP addresses and networks by using firewall rules or TCP wrappers.\u003c/li\u003e\u003cli\u003eImplement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n\n\u003cbr\u003e" } ], "value": "* Minimize network exposure to ensure the device is not accessible from the Internet.\n * Limit web access to trusted IP addresses and networks by using firewall rules or TCP wrappers.\n * Implement IDS or Intrusion Prevention System (IPS) to detect and prevent exploitation attempts. These systems can provide an additional layer of defense by monitoring network traffic for signs of attacks." } ], "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa", "assignerShortName": "Moxa", "cveId": "CVE-2024-9137", "datePublished": "2024-10-14T08:09:22.689Z", "dateReserved": "2024-09-24T07:11:35.456Z", "dateUpdated": "2024-10-15T14:32:26.853Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }