All the vulnerabilities related to PROSCEND - PROSCEND M350-5G / M350-W5G / M350-6 / M350-W6
cve-2022-34769
Vulnerability from cvelistv5
Published
2022-08-05 15:25
Modified
2024-09-16 17:08
Summary
Michlol - rashim web interface Insecure direct object references (IDOR)
Impacted products
Vendor: Michlol; product: Michlol - rashim web


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-34769",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-16T20:22:19.649124Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-16T20:22:24.913Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:22:10.042Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Michlol - rashim web",
          "vendor": "Michlol",
          "versions": [
            {
              "lessThanOrEqual": "187.4393",
              "status": "affected",
              "version": "187.4392",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-08-03T14:40:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Michlol - rashim web interface Insecure direct object references (IDOR).\u003cbr\u003eFirst of all, the attacker needs to log in.\u003cbr\u003eAfter logging into the system, there are some functionalities that the specific user is not allowed to perform.\u003cbr\u003eHowever, all the attacker needs to do in order to achieve his goals is to change the value of the ptMsl parameter, and then\u003cbr\u003ethe attacker can access sensitive data that he is not supposed to access because it belongs to another user."
            }
          ],
          "value": "Michlol - rashim web interface Insecure direct object references (IDOR).\nFirst of all, the attacker needs to log in.\nAfter logging into the system, there are some functionalities that the specific user is not allowed to perform.\nHowever, all the attacker needs to do in order to achieve his goals is to change the value of the ptMsl parameter, and then\nthe attacker can access sensitive data that he is not supposed to access because it belongs to another user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "interface Insecure direct object references",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-17T09:47:23.351Z",
        "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "shortName": "INCD"
      },
      "references": [
        {
          "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update to version 187.4392\u003cbr\u003e"
            }
          ],
          "value": "Update to version 187.4392"
        }
      ],
      "source": {
        "advisory": "ILVN-2022-0041",
        "defect": [
          "ILVN-2022-0041"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Michlol - rashim web interface Insecure direct object references (IDOR)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
    "assignerShortName": "INCD",
    "cveId": "CVE-2022-34769",
    "datePublished": "2022-08-05T15:25:06.930961Z",
    "dateReserved": "2022-06-29T00:00:00",
    "dateUpdated": "2024-09-16T17:08:43.887Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-36779
Vulnerability from cvelistv5
Published
2022-09-13 14:57
Modified
2024-09-16 16:33
Summary
PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated OS Command Injection
References


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:14:28.508Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.gov.il/en/departments/faq/cve_advisories"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PROSCEND M330-w / M330-W5",
          "vendor": "PROSCEND",
          "versions": [
            {
              "lessThan": "V1.11*",
              "status": "affected",
              "version": "V1.11",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "PROSCEND M350-5G / M350-W5G / M350-6 / M350-W6",
          "vendor": "PROSCEND",
          "versions": [
            {
              "lessThan": "V1.02*",
              "status": "affected",
              "version": "V1.02",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "PROSCEND M301-G / M301-GW",
          "vendor": "PROSCEND",
          "versions": [
            {
              "lessThan": "V2.20*",
              "status": "affected",
              "version": "V2.20",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "ADVICE ICR 111WG",
          "vendor": "PROSCEND",
          "versions": [
            {
              "lessThan": "V1.11*",
              "status": "affected",
              "version": "V1.11",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "MetaData"
        }
      ],
      "datePublic": "2022-08-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated OS Command Injection Proscend M330-w / M33-W5 / M350-5G / M350-W5G / M350-6 / M350-W6 / M301-G / M301-GW ADVICE ICR 111WG / https://www.proscend.com/en/category/industrial-Cellular-Router/industrial-Cellular-Router.html https://cdn.shopify.com/s/files/1/0036/9413/3297/files/ADVICE_Industrial_4G_LTE_Cellular_Router_ICR111WG.pdf?v=1620814301"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unauthenticated OS Command Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-13T14:57:52",
        "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "shortName": "INCD"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.gov.il/en/departments/faq/cve_advisories"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update released for the following versions:\nProscend M330-w / M330-W5 Plan to fix on V1.11\nProscend M350-5G / M350-W5G / M350-6 / M350-W6 Fixed on V1.02\nProscend M301-G / M301-GW Fixed on V2.20\nADVICE ICR 111WG / Plan to fix on V1.11"
        }
      ],
      "source": {
        "defect": [
          "ILVN-2022-0050"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated OS Command Injection",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@cyber.gov.il",
          "DATE_PUBLIC": "2022-08-21T11:14:00.000Z",
          "ID": "CVE-2022-36779",
          "STATE": "PUBLIC",
          "TITLE": "PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated OS Command Injection"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PROSCEND M330-w / M330-W5",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e",
                            "version_name": "V1.11",
                            "version_value": "V1.11"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "PROSCEND M350-5G / M350-W5G / M350-6 / M350-W6",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e",
                            "version_name": "V1.02",
                            "version_value": "V1.02"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "PROSCEND M301-G / M301-GW",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e",
                            "version_name": "V2.20",
                            "version_value": "V2.20"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ADVICE ICR 111WG",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e",
                            "version_name": "V1.11",
                            "version_value": "V1.11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PROSCEND"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "MetaData"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated OS Command Injection Proscend M330-w / M33-W5 / M350-5G / M350-W5G / M350-6 / M350-W6 / M301-G / M301-GW ADVICE ICR 111WG / https://www.proscend.com/en/category/industrial-Cellular-Router/industrial-Cellular-Router.html https://cdn.shopify.com/s/files/1/0036/9413/3297/files/ADVICE_Industrial_4G_LTE_Cellular_Router_ICR111WG.pdf?v=1620814301"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Unauthenticated OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.gov.il/en/departments/faq/cve_advisories",
              "refsource": "MISC",
              "url": "https://www.gov.il/en/departments/faq/cve_advisories"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update released for the following versions:\nProscend M330-w / M330-W5 Plan to fix on V1.11\nProscend M350-5G / M350-W5G / M350-6 / M350-W6 Fixed on V1.02\nProscend M301-G / M301-GW Fixed on V2.20\nADVICE ICR 111WG / Plan to fix on V1.11"
          }
        ],
        "source": {
          "defect": [
            "ILVN-2022-0050"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
    "assignerShortName": "INCD",
    "cveId": "CVE-2022-36779",
    "datePublished": "2022-09-13T14:57:52.794084Z",
    "dateReserved": "2022-07-26T00:00:00",
    "dateUpdated": "2024-09-16T16:33:09.230Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}