All the vulnerabilites related to Siemens - SIMATIC CP 1543-1
cve-2022-34821
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:22:10.733Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "RUGGEDCOM RM1224 LTE(4G) EU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "RUGGEDCOM RM1224 LTE(4G) NAM", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M804PB", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M812-1 ADSL-Router (Annex A)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M812-1 ADSL-Router (Annex B)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M816-1 ADSL-Router (Annex A)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M816-1 ADSL-Router (Annex B)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M826-2 SHDSL-Router", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M874-2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M874-3", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M876-3 (EVDO)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M876-3 (ROK)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M876-4", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M876-4 (EU)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE M876-4 (NAM)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE MUM853-1 (EU)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE MUM856-1 (EU)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE MUM856-1 (RoW)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE S615", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE S615 EEC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V7.2" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC622-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC622-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 \u003c V3.0" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC626-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC626-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 \u003c V3.0" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC632-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC632-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 \u003c V3.0" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC636-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC636-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 \u003c V3.0" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC642-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC642-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 \u003c V3.0" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC646-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V2.3" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE SC646-2C", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.3 \u003c V3.0" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE WAM763-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE WAM766-1 (EU)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE WAM766-1 (US)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE WAM766-1 EEC (EU)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE WAM766-1 EEC (US)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE WUM763-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE WUM763-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE WUM766-1 (EU)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SCALANCE WUM766-1 (US)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1242-7 V2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-7 LTE EU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-7 LTE US", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-8 IRC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1542SP-1 IRC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1543-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.0.22" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1543SP-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 1242-7 V2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 1543-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.0.22" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-1200 CP 1243-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-1200 CP 1243-1 RAIL", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions \u003c V7.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions \u003c V7.2), SCALANCE M804PB (All versions \u003c V7.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions \u003c V7.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions \u003c V7.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions \u003c V7.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions \u003c V7.2), SCALANCE M826-2 SHDSL-Router (All versions \u003c V7.2), SCALANCE M874-2 (All versions \u003c V7.2), SCALANCE M874-3 (All versions \u003c V7.2), SCALANCE M876-3 (EVDO) (All versions \u003c V7.2), SCALANCE M876-3 (ROK) (All versions \u003c V7.2), SCALANCE M876-4 (All versions \u003c V7.2), SCALANCE M876-4 (EU) (All versions \u003c V7.2), SCALANCE M876-4 (NAM) (All versions \u003c V7.2), SCALANCE MUM853-1 (EU) (All versions \u003c V7.2), SCALANCE MUM856-1 (EU) (All versions \u003c V7.2), SCALANCE MUM856-1 (RoW) (All versions \u003c V7.2), SCALANCE S615 (All versions \u003c V7.2), SCALANCE S615 EEC (All versions \u003c V7.2), SCALANCE SC622-2C (All versions \u003c V2.3), SCALANCE SC622-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC626-2C (All versions \u003c V2.3), SCALANCE SC626-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC632-2C (All versions \u003c V2.3), SCALANCE SC632-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC636-2C (All versions \u003c V2.3), SCALANCE SC636-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC642-2C (All versions \u003c V2.3), SCALANCE SC642-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC646-2C (All versions \u003c V2.3), SCALANCE SC646-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE WAM763-1 (All versions), SCALANCE WAM766-1 (EU) (All versions), SCALANCE WAM766-1 (US) (All versions), SCALANCE WAM766-1 EEC (EU) (All versions), SCALANCE WAM766-1 EEC (US) (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM766-1 (EU) (All versions), SCALANCE WUM766-1 (US) (All versions), SIMATIC CP 1242-7 V2 (All versions \u003c V3.3.46), SIMATIC CP 1243-1 (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE US (All versions \u003c V3.3.46), SIMATIC CP 1243-8 IRC (All versions \u003c V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions \u003e= V2.0 \u003c V2.2.28), SIMATIC CP 1543-1 (All versions \u003c V3.0.22), SIMATIC CP 1543SP-1 (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions \u003c V3.3.46), SIPLUS NET CP 1543-1 (All versions \u003c V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions \u003c V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions \u003c V3.3.46). By injecting code to specific configuration options for OpenVPN, an attacker could execute arbitrary code with elevated privileges." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-10T10:20:57.022Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-34821", "datePublished": "2022-07-12T00:00:00", "dateReserved": "2022-06-29T00:00:00", "dateUpdated": "2024-08-03T09:22:10.733Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-34819
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:22:10.546Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC CP 1242-7 V2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-7 LTE EU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-7 LTE US", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-8 IRC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1542SP-1 IRC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1543-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.0.22" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1543SP-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 1242-7 V2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 1543-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.0.22" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-1200 CP 1243-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-1200 CP 1243-1 RAIL", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions \u003c V3.3.46), SIMATIC CP 1243-1 (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE US (All versions \u003c V3.3.46), SIMATIC CP 1243-8 IRC (All versions \u003c V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions \u003e= V2.0 \u003c V2.2.28), SIMATIC CP 1543-1 (All versions \u003c V3.0.22), SIMATIC CP 1543SP-1 (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions \u003c V3.3.46), SIPLUS NET CP 1543-1 (All versions \u003c V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions \u003c V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions \u003c V3.3.46). The application lacks proper validation of user-supplied data when parsing specific messages. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of device." } ], "metrics": [ { "cvssV3_1": { "baseScore": 10, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:30:37.921Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-34819", "datePublished": "2022-07-12T10:07:27", "dateReserved": "2022-06-29T00:00:00", "dateUpdated": "2024-08-03T09:22:10.546Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38380
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:13.213Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-693975.pdf" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-693975.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html" }, { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-625862.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC CP 1242-7 V2 (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1 (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1 IEC (incl. SIPLUS variants)", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-7 LTE", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-8 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V3.4.29", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1542SP-1", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1542SP-1 IRC", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1543-1", "vendor": "Siemens", "versions": [ { "lessThan": "V3.0.37", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1543SP-1", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SINAMICS S210 (6SL5...)", "vendor": "Siemens", "versions": [ { "lessThan": "V6.1 HF2", "status": "affected", "version": "V6.1", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL", "vendor": "Siemens", "versions": [ { "lessThan": "V2.3", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 1543-1", "vendor": "Siemens", "versions": [ { "lessThan": "V3.0.37", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions \u003c V3.4.29), SIMATIC CP 1243-7 LTE (All versions \u003c V3.4.29), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions \u003c V3.4.29), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions \u003c V2.3), SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) (All versions \u003c V3.0.37), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions \u003c V2.3), SINAMICS S210 (6SL5...) (All versions \u003e= V6.1 \u003c V6.1 HF2), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions \u003c V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions \u003c V2.3), SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) (All versions \u003c V3.0.37). The webserver implementation of the affected products does not correctly release allocated memory after it has been used.\r\n\r\nAn attacker with network access could use this vulnerability to cause a denial-of-service condition in the webserver of the affected product." } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" } }, { "cvssV4_0": { "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "CWE-401: Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-11T14:19:50.234Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-693975.pdf" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-693975.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-139628.html" }, { "url": "https://cert-portal.siemens.com/productcert/html/ssa-625862.html" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2023-38380", "datePublished": "2023-12-12T11:26:36.173Z", "dateReserved": "2023-07-17T13:06:36.758Z", "dateUpdated": "2024-08-02T17:39:13.213Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-34820
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:22:10.675Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "SIMATIC CP 1242-7 V2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-7 LTE EU", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-7 LTE US", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1243-8 IRC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1542SP-1 IRC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1543-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.0.22" } ] }, { "defaultStatus": "unknown", "product": "SIMATIC CP 1543SP-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003e= V2.0 \u003c V2.2.28" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 1242-7 V2", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS NET CP 1543-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.0.22" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-1200 CP 1243-1", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] }, { "defaultStatus": "unknown", "product": "SIPLUS S7-1200 CP 1243-1 RAIL", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V3.3.46" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions \u003c V3.3.46), SIMATIC CP 1243-1 (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE US (All versions \u003c V3.3.46), SIMATIC CP 1243-8 IRC (All versions \u003c V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions \u003e= V2.0 \u003c V2.2.28), SIMATIC CP 1543-1 (All versions \u003c V3.0.22), SIMATIC CP 1543SP-1 (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions \u003c V3.3.46), SIPLUS NET CP 1543-1 (All versions \u003c V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions \u003c V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions \u003c V3.3.46). The application does not correctly escape some user provided fields during the authentication process. This could allow an attacker to inject custom commands and execute arbitrary code with elevated privileges." } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T09:30:39.103Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2022-34820", "datePublished": "2022-07-12T10:07:29", "dateReserved": "2022-06-29T00:00:00", "dateUpdated": "2024-08-03T09:22:10.675Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-202207-0620
Vulnerability from variot
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). The application does not correctly escape some user provided fields during the authentication process. This could allow an attacker to inject custom commands and execute arbitrary code with elevated privileges. The SIMATIC CP 1242-7 and CP 1243-7 LTE communication processors connect the SIMATIC S7-1200 controllers to a wide area network (WAN). They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or ST7 master via the SINAUT ST7 telecontrol protocol. The SIMATIC CP 1543-1 communications processor connects the SIMATIC S7-1500 controller to Ethernet. They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1543SP-1, CP 1542SP-1 and CP 1542SP-1 IRC communication processors connect the SIMATIC ET 200SP controllers to Ethernet. The SIMATIC CP 1543SP-1 and CP 1542SP-1 IRC communication processors also offer integrated security functions such as firewalls, virtual private networks (VPN) or support for other data encryption protocols. SIPLUSextreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware on which they are based
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0620", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic cp 1542sp-1 irc", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "simatic cp 1543sp-1", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "simatic cp 1242-7 v2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.46" }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2.28" }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2.28" }, { "model": "simatic cp 1542sp-1 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2.28" }, { "model": "simatic cp 1243-7 lte eu", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.46" }, { "model": "simatic cp 1243-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.46" }, { "model": "simatic cp 1243-8 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.46" }, { "model": "siplus net cp 1242-7 v2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.46" }, { "model": "simatic cp 1543sp-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2.28" }, { "model": "siplus net cp 1543-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.22" }, { "model": "simatic cp 1543-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.22" }, { "model": "siplus s7-1200 cp 1243-1 rail", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.46" }, { "model": "siplus s7-1200 cp 1243-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.46" }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2.28" }, { "model": "simatic cp 1243-7 lte us", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.46" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp lte eu", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7" }, { "model": "simatic cp lte us", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7" }, { "model": "simatic cp irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-8" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1543-1\u003c3.0.22" }, { "model": "siplus net cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2" }, { "model": "siplus net cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1543-1\u003c3.0.22" }, { "model": "siplus s7-1200 cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "siplus s7-1200 cp rail", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51635" }, { "db": "NVD", "id": "CVE-2022-34820" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1242-7_v2_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.46", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1242-7_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.46", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte_eu_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.46", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_eu:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte_us_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.46", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_us:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-8_irc_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.46", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-8_irc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.2.28", "versionStartIncluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.22", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1543sp-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.2.28", "versionStartIncluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1543sp-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.2.28", "versionStartIncluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.2.28", "versionStartIncluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.2.28", "versionStartIncluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:siplus_net_cp_1242-7_v2_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.46", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:siplus_net_cp_1242-7_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:siplus_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.22", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:siplus_net_cp_1543-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.46", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_rail_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.46", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1_rail:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-34820" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-903" } ], "trust": 0.6 }, "cve": "CVE-2022-34820", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 6.5, "id": "CNVD-2022-51635", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2022-34820", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.7, "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-34820", "trust": 1.0, "value": "CRITICAL" }, { "author": "productcert@siemens.com", "id": "CVE-2022-34820", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2022-51635", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202207-903", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2022-34820", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51635" }, { "db": "VULMON", "id": "CVE-2022-34820" }, { "db": "CNNVD", "id": "CNNVD-202207-903" }, { "db": "NVD", "id": "CVE-2022-34820" }, { "db": "NVD", "id": "CVE-2022-34820" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions \u003c V3.3.46), SIMATIC CP 1243-1 (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE US (All versions \u003c V3.3.46), SIMATIC CP 1243-8 IRC (All versions \u003c V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions \u003e= V2.0 \u003c V2.2.28), SIMATIC CP 1543-1 (All versions \u003c V3.0.22), SIMATIC CP 1543SP-1 (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions \u003c V3.3.46), SIPLUS NET CP 1543-1 (All versions \u003c V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions \u003c V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions \u003c V3.3.46). The application does not correctly escape some user provided fields during the authentication process. This could allow an attacker to inject custom commands and execute arbitrary code with elevated privileges. The SIMATIC CP 1242-7 and CP 1243-7 LTE communication processors connect the SIMATIC S7-1200 controllers to a wide area network (WAN). They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or ST7 master via the SINAUT ST7 telecontrol protocol. The SIMATIC CP 1543-1 communications processor connects the SIMATIC S7-1500 controller to Ethernet. They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1543SP-1, CP 1542SP-1 and CP 1542SP-1 IRC communication processors connect the SIMATIC ET 200SP controllers to Ethernet. The SIMATIC CP 1543SP-1 and CP 1542SP-1 IRC communication processors also offer integrated security functions such as firewalls, virtual private networks (VPN) or support for other data encryption protocols. SIPLUSextreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware on which they are based", "sources": [ { "db": "NVD", "id": "CVE-2022-34820" }, { "db": "CNVD", "id": "CNVD-2022-51635" }, { "db": "VULMON", "id": "CVE-2022-34820" } ], "trust": 1.53 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-34820", "trust": 2.3 }, { "db": "SIEMENS", "id": "SSA-517377", "trust": 2.3 }, { "db": "ICS CERT", "id": "ICSA-22-195-12", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2022-51635", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022071333", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202207-903", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-34820", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51635" }, { "db": "VULMON", "id": "CVE-2022-34820" }, { "db": "CNNVD", "id": "CNNVD-202207-903" }, { "db": "NVD", "id": "CVE-2022-34820" } ] }, "id": "VAR-202207-0620", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-51635" } ], "trust": 1.3424043555555556 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51635" } ] }, "last_update_date": "2024-02-12T22:53:42.445000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens SIMATIC CP SRCS VPN Feature Command Injection Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/339691" }, { "title": "Multiple Siemens SIMATIC Product Command Injection Vulnerability Fixes", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=228949" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51635" }, { "db": "CNNVD", "id": "CNNVD-202207-903" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-116", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2022-34820" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-517377.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022071333" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-34820/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/siemens-simatic-cp-three-vulnerabilities-via-srcs-vpn-38784" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-195-12" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/116.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-195-12" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51635" }, { "db": "VULMON", "id": "CVE-2022-34820" }, { "db": "CNNVD", "id": "CNNVD-202207-903" }, { "db": "NVD", "id": "CVE-2022-34820" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-51635" }, { "db": "VULMON", "id": "CVE-2022-34820" }, { "db": "CNNVD", "id": "CNNVD-202207-903" }, { "db": "NVD", "id": "CVE-2022-34820" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-15T00:00:00", "db": "CNVD", "id": "CNVD-2022-51635" }, { "date": "2022-07-12T00:00:00", "db": "VULMON", "id": "CVE-2022-34820" }, { "date": "2022-07-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-903" }, { "date": "2022-07-12T10:15:12.343000", "db": "NVD", "id": "CVE-2022-34820" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-15T00:00:00", "db": "CNVD", "id": "CNVD-2022-51635" }, { "date": "2023-06-29T00:00:00", "db": "VULMON", "id": "CVE-2022-34820" }, { "date": "2023-06-30T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-903" }, { "date": "2023-06-29T15:34:19.477000", "db": "NVD", "id": "CVE-2022-34820" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-903" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens SIMATIC CP SRCS VPN Feature Command Injection Vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2022-51635" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "command injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-903" } ], "trust": 0.6 } }
var-202109-0846
Vulnerability from variot
A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0), SIMATIC CP 1545-1 (All versions < V1.1). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext. SIPLUS extreme products are designed for reliable operation under extreme conditions, based on SIMATIC, LOGO! , SITOP, SINAMICS, SIMOTION, SCALANCE or other equipment. The SIMATIC CP 1543-1 and SIMATIC CP 1545-1 communication processors connect the S7-1500 controller to the Ethernet. It provides integrated security features, such as firewalls, virtual private networks (VPN), and support for other protocols for data encryption.
Many Siemens SIMATIC products have sensitive information leakage vulnerabilities. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202109-0846", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic cp 1543-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic cp 1545-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1" }, { "model": "simatic cp 1545-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp 1543-1", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1543-1\u003cv3.0" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1545-1" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-71448" }, { "db": "JVNDB", "id": "JVNDB-2021-011722" }, { "db": "NVD", "id": "CVE-2021-33716" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1545-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1545-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-33716" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported this vulnerability to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202109-816" } ], "trust": 0.6 }, "cve": "CVE-2021-33716", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.5, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Adjacent Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 3.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-33716", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 6.1, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 6.5, "id": "CNVD-2021-71448", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:A/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Adjacent Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-33716", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-33716", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2021-71448", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202109-816", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-33716", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-71448" }, { "db": "VULMON", "id": "CVE-2021-33716" }, { "db": "JVNDB", "id": "JVNDB-2021-011722" }, { "db": "NVD", "id": "CVE-2021-33716" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202109-816" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions \u003c V3.0), SIMATIC CP 1545-1 (All versions \u003c V1.1). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext. SIPLUS extreme products are designed for reliable operation under extreme conditions, based on SIMATIC, LOGO! , SITOP, SINAMICS, SIMOTION, SCALANCE or other equipment. The SIMATIC CP 1543-1 and SIMATIC CP 1545-1 communication processors connect the S7-1500 controller to the Ethernet. It provides integrated security features, such as firewalls, virtual private networks (VPN), and support for other protocols for data encryption. \n\r\n\r\nMany Siemens SIMATIC products have sensitive information leakage vulnerabilities. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-33716" }, { "db": "JVNDB", "id": "JVNDB-2021-011722" }, { "db": "CNVD", "id": "CNVD-2021-71448" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-33716" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-33716", "trust": 3.9 }, { "db": "SIEMENS", "id": "SSA-535997", "trust": 2.3 }, { "db": "ICS CERT", "id": "ICSA-21-257-06", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU96712416", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2021-011722", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2021-71448", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021091604", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.3098", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202109-816", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-33716", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-71448" }, { "db": "VULMON", "id": "CVE-2021-33716" }, { "db": "JVNDB", "id": "JVNDB-2021-011722" }, { "db": "NVD", "id": "CVE-2021-33716" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202109-816" } ] }, "id": "VAR-202109-0846", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-71448" } ], "trust": 1.4846153599999998 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-71448" } ] }, "last_update_date": "2023-12-18T11:32:30.263000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-535997", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdf" }, { "title": "Patch for Vulnerabilities in sensitive information disclosure of multiple Siemens SIMATIC products", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/291021" }, { "title": "SIMATIC CP 1543-1 and SIMATIC CP 1545-1 Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=162349" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=d9fefe0f15fea36e72513449b164a072" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-71448" }, { "db": "VULMON", "id": "CVE-2021-33716" }, { "db": "JVNDB", "id": "JVNDB-2021-011722" }, { "db": "CNNVD", "id": "CNNVD-202109-816" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-312", "trust": 1.0 }, { "problemtype": "Plaintext storage of important information (CWE-312) [ others ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-011722" }, { "db": "NVD", "id": "CVE-2021-33716" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33716" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu96712416/index.html" }, { "trust": 0.8, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-21-257-06" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3098" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021091604" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/simatic-cp-1543-1-1545-1-information-disclosure-via-cleartext-36398" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-257-06" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/312.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://cert-portal.siemens.com/productcert/txt/ssa-535997.txt" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-71448" }, { "db": "VULMON", "id": "CVE-2021-33716" }, { "db": "JVNDB", "id": "JVNDB-2021-011722" }, { "db": "NVD", "id": "CVE-2021-33716" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202109-816" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2021-71448" }, { "db": "VULMON", "id": "CVE-2021-33716" }, { "db": "JVNDB", "id": "JVNDB-2021-011722" }, { "db": "NVD", "id": "CVE-2021-33716" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202109-816" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-09-16T00:00:00", "db": "CNVD", "id": "CNVD-2021-71448" }, { "date": "2021-09-14T00:00:00", "db": "VULMON", "id": "CVE-2021-33716" }, { "date": "2022-08-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-011722" }, { "date": "2021-09-14T11:15:24.347000", "db": "NVD", "id": "CVE-2021-33716" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2021-09-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202109-816" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-18T00:00:00", "db": "CNVD", "id": "CNVD-2021-71448" }, { "date": "2021-09-23T00:00:00", "db": "VULMON", "id": "CVE-2021-33716" }, { "date": "2022-08-09T06:52:00", "db": "JVNDB", "id": "JVNDB-2021-011722" }, { "date": "2022-12-08T18:30:12.390000", "db": "NVD", "id": "CVE-2021-33716" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-06-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202109-816" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202109-816" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SIMATIC\u00a0CP\u00a01543-1\u00a0 and \u00a0SIMATIC\u00a0CP\u00a01545-1\u00a0 Vulnerability in plaintext storage of important information in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-011722" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202109-816" } ], "trust": 1.2 } }
var-201611-0025
Vulnerability from variot
A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service. Siemens SIMATIC CP 1543-1 Is SNMPv3 Write access or SNMPv1 Service operation disruption when is enabled (DoS) There are vulnerabilities that are put into a state.By a remotely authenticated user SNMP Service operation disruption by changing variables (DoS) There is a possibility of being put into a state. SIEMENSSIMATICCP1543-1 is a communication processor that integrates security functions such as firewall, VPN, security protocol, data encryption, etc. It provides network connection and secure communication of s7-1500 controller. A denial of service vulnerability exists in the SIEMENSSIMATICCP1543-1 device. When SNMPv3 write access or SNMPv1 is turned on, an attacker exploits vulnerabilities to modify SNMP variables through the 161/udp port, thereby reducing availability or causing denial of service attacks. Siemens SIMATIC CP 1543-1 is prone to a privilege-escalation vulnerability and a denial-of-service vulnerability. Attackers can leverage these issues to gain elevated privileges and cause denial-of-service conditions on the affected device. Siemens SIMATIC CP 1543-1 is a controller of Germany's Siemens (Siemens) company that is used to connect communication processors to Ethernet and provides integrated security functions
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201611-0025", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic cp 1543-1", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 1543-1", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 1543-1", "scope": "lt", "trust": 0.8, "vendor": "siemens", "version": "2.0.28" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1543-1\u003c2.0.28" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1543-10" }, { "model": "simatic cp", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1543-12.0.28" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1543 1", "version": null } ], "sources": [ { "db": "IVD", "id": "fe6b4ae9-2ba1-4c21-af48-55d5ed245b66" }, { "db": "CNVD", "id": "CNVD-2016-11368" }, { "db": "BID", "id": "94436" }, { "db": "JVNDB", "id": "JVNDB-2016-005921" }, { "db": "NVD", "id": "CVE-2016-8562" }, { "db": "CNNVD", "id": "CNNVD-201611-446" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-8562" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "These vulnerabilities were coordinated directly with Siemens by SOGETI and Agence nationale de la s\u00e9curit\u00e9 des syst\u00e8mes d\u2019information (ANSSI).", "sources": [ { "db": "CNNVD", "id": "CNNVD-201611-446" } ], "trust": 0.6 }, "cve": "CVE-2016-8562", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 3.5, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-8562", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 5.4, "confidentialityImpact": "NONE", "exploitabilityScore": 4.9, "id": "CNVD-2016-11368", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 5.4, "confidentialityImpact": "NONE", "exploitabilityScore": 4.9, "id": "fe6b4ae9-2ba1-4c21-af48-55d5ed245b66", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "VHN-97382", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:S/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 1.6, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 5.3, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-8562", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-8562", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2016-11368", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201611-446", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "fe6b4ae9-2ba1-4c21-af48-55d5ed245b66", "trust": 0.2, "value": "LOW" }, { "author": "VULHUB", "id": "VHN-97382", "trust": 0.1, "value": "LOW" }, { "author": "VULMON", "id": "CVE-2016-8562", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "IVD", "id": "fe6b4ae9-2ba1-4c21-af48-55d5ed245b66" }, { "db": "CNVD", "id": "CNVD-2016-11368" }, { "db": "VULHUB", "id": "VHN-97382" }, { "db": "VULMON", "id": "CVE-2016-8562" }, { "db": "JVNDB", "id": "JVNDB-2016-005921" }, { "db": "NVD", "id": "CVE-2016-8562" }, { "db": "CNNVD", "id": "CNNVD-201611-446" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC CP 1543-1 (All versions \u003c V2.0.28), SIPLUS NET CP 1543-1 (All versions \u003c V2.0.28). Under special conditions it was possible to write SNMP variables on port 161/udp which should be read-only and should only be configured with TIA-Portal. A write to these variables could reduce the availability or cause a denial-of-service. Siemens SIMATIC CP 1543-1 Is SNMPv3 Write access or SNMPv1 Service operation disruption when is enabled (DoS) There are vulnerabilities that are put into a state.By a remotely authenticated user SNMP Service operation disruption by changing variables (DoS) There is a possibility of being put into a state. SIEMENSSIMATICCP1543-1 is a communication processor that integrates security functions such as firewall, VPN, security protocol, data encryption, etc. It provides network connection and secure communication of s7-1500 controller. A denial of service vulnerability exists in the SIEMENSSIMATICCP1543-1 device. When SNMPv3 write access or SNMPv1 is turned on, an attacker exploits vulnerabilities to modify SNMP variables through the 161/udp port, thereby reducing availability or causing denial of service attacks. Siemens SIMATIC CP 1543-1 is prone to a privilege-escalation vulnerability and a denial-of-service vulnerability. \nAttackers can leverage these issues to gain elevated privileges and cause denial-of-service conditions on the affected device. Siemens SIMATIC CP 1543-1 is a controller of Germany\u0027s Siemens (Siemens) company that is used to connect communication processors to Ethernet and provides integrated security functions", "sources": [ { "db": "NVD", "id": "CVE-2016-8562" }, { "db": "JVNDB", "id": "JVNDB-2016-005921" }, { "db": "CNVD", "id": "CNVD-2016-11368" }, { "db": "BID", "id": "94436" }, { "db": "IVD", "id": "fe6b4ae9-2ba1-4c21-af48-55d5ed245b66" }, { "db": "VULHUB", "id": "VHN-97382" }, { "db": "VULMON", "id": "CVE-2016-8562" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-8562", "trust": 3.7 }, { "db": "ICS CERT", "id": "ICSA-16-327-01", "trust": 2.9 }, { "db": "BID", "id": "94436", "trust": 2.7 }, { "db": "SIEMENS", "id": "SSA-672373", "trust": 2.7 }, { "db": "CNVD", "id": "CNVD-2016-11368", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201611-446", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-005921", "trust": 0.8 }, { "db": "IVD", "id": "FE6B4AE9-2BA1-4C21-AF48-55D5ED245B66", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-97382", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-8562", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "fe6b4ae9-2ba1-4c21-af48-55d5ed245b66" }, { "db": "CNVD", "id": "CNVD-2016-11368" }, { "db": "VULHUB", "id": "VHN-97382" }, { "db": "VULMON", "id": "CVE-2016-8562" }, { "db": "BID", "id": "94436" }, { "db": "JVNDB", "id": "JVNDB-2016-005921" }, { "db": "NVD", "id": "CVE-2016-8562" }, { "db": "CNNVD", "id": "CNNVD-201611-446" } ] }, "id": "VAR-201611-0025", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "fe6b4ae9-2ba1-4c21-af48-55d5ed245b66" }, { "db": "CNVD", "id": "CNVD-2016-11368" }, { "db": "VULHUB", "id": "VHN-97382" } ], "trust": 1.78461536 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS", "Network device" ], "sub_category": null, "trust": 0.6 }, { "category": [ "ICS" ], "sub_category": null, "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "fe6b4ae9-2ba1-4c21-af48-55d5ed245b66" }, { "db": "CNVD", "id": "CNVD-2016-11368" } ] }, "last_update_date": "2023-12-18T13:34:24.703000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-672373", "trust": 0.8, "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf" }, { "title": "SIEMENSSIMATICCP1543-1 device denial of service vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/84113" }, { "title": "Siemens SIMATIC CP 1543-1 Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65784" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-11368" }, { "db": "JVNDB", "id": "JVNDB-2016-005921" }, { "db": "CNNVD", "id": "CNNVD-201611-446" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-97382" }, { "db": "JVNDB", "id": "JVNDB-2016-005921" }, { "db": "NVD", "id": "CVE-2016-8562" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.9, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-327-01" }, { "trust": 2.7, "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf" }, { "trust": 1.9, "url": "http://www.securityfocus.com/bid/94436" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8562" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8562" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-16-327-01" }, { "trust": 0.3, "url": "http://www.siemens.com/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-16-327-01" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-11368" }, { "db": "VULHUB", "id": "VHN-97382" }, { "db": "VULMON", "id": "CVE-2016-8562" }, { "db": "BID", "id": "94436" }, { "db": "JVNDB", "id": "JVNDB-2016-005921" }, { "db": "NVD", "id": "CVE-2016-8562" }, { "db": "CNNVD", "id": "CNNVD-201611-446" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "fe6b4ae9-2ba1-4c21-af48-55d5ed245b66" }, { "db": "CNVD", "id": "CNVD-2016-11368" }, { "db": "VULHUB", "id": "VHN-97382" }, { "db": "VULMON", "id": "CVE-2016-8562" }, { "db": "BID", "id": "94436" }, { "db": "JVNDB", "id": "JVNDB-2016-005921" }, { "db": "NVD", "id": "CVE-2016-8562" }, { "db": "CNNVD", "id": "CNNVD-201611-446" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-11-21T00:00:00", "db": "IVD", "id": "fe6b4ae9-2ba1-4c21-af48-55d5ed245b66" }, { "date": "2016-11-21T00:00:00", "db": "CNVD", "id": "CNVD-2016-11368" }, { "date": "2016-11-18T00:00:00", "db": "VULHUB", "id": "VHN-97382" }, { "date": "2016-11-18T00:00:00", "db": "VULMON", "id": "CVE-2016-8562" }, { "date": "2016-11-18T00:00:00", "db": "BID", "id": "94436" }, { "date": "2016-11-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-005921" }, { "date": "2016-11-18T21:59:02.033000", "db": "NVD", "id": "CVE-2016-8562" }, { "date": "2016-11-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201611-446" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-11-21T00:00:00", "db": "CNVD", "id": "CNVD-2016-11368" }, { "date": "2016-12-22T00:00:00", "db": "VULHUB", "id": "VHN-97382" }, { "date": "2022-04-12T00:00:00", "db": "VULMON", "id": "CVE-2016-8562" }, { "date": "2016-11-24T00:16:00", "db": "BID", "id": "94436" }, { "date": "2016-11-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-005921" }, { "date": "2022-04-12T10:15:09.537000", "db": "NVD", "id": "CVE-2016-8562" }, { "date": "2022-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201611-446" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201611-446" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SIEMENS SIMATIC CP 1543-1 Device Denial of Service Vulnerability", "sources": [ { "db": "IVD", "id": "fe6b4ae9-2ba1-4c21-af48-55d5ed245b66" }, { "db": "CNVD", "id": "CNVD-2016-11368" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201611-446" } ], "trust": 0.6 } }
var-202207-0621
Vulnerability from variot
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.2), SCALANCE M804PB (All versions < V7.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V7.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V7.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V7.2), SCALANCE M826-2 SHDSL-Router (All versions < V7.2), SCALANCE M874-2 (All versions < V7.2), SCALANCE M874-3 (All versions < V7.2), SCALANCE M876-3 (EVDO) (All versions < V7.2), SCALANCE M876-3 (ROK) (All versions < V7.2), SCALANCE M876-4 (All versions < V7.2), SCALANCE M876-4 (EU) (All versions < V7.2), SCALANCE M876-4 (NAM) (All versions < V7.2), SCALANCE MUM853-1 (EU) (All versions < V7.2), SCALANCE MUM856-1 (EU) (All versions < V7.2), SCALANCE MUM856-1 (RoW) (All versions < V7.2), SCALANCE S615 (All versions < V7.2), SCALANCE S615 EEC (All versions < V7.2), SCALANCE SC622-2C (All versions < V2.3), SCALANCE SC622-2C (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (All versions < V2.3), SCALANCE SC626-2C (All versions >= V2.3 < V3.0), SCALANCE SC632-2C (All versions < V2.3), SCALANCE SC632-2C (All versions >= V2.3 < V3.0), SCALANCE SC636-2C (All versions < V2.3), SCALANCE SC636-2C (All versions >= V2.3 < V3.0), SCALANCE SC642-2C (All versions < V2.3), SCALANCE SC642-2C (All versions >= V2.3 < V3.0), SCALANCE SC646-2C (All versions < V2.3), SCALANCE SC646-2C (All versions >= V2.3 < V3.0), SCALANCE WAM763-1 (All versions), SCALANCE WAM766-1 (EU) (All versions), SCALANCE WAM766-1 (US) (All versions), SCALANCE WAM766-1 EEC (EU) (All versions), SCALANCE WAM766-1 EEC (US) (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM766-1 (EU) (All versions), SCALANCE WUM766-1 (US) (All versions), SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). By injecting code to specific configuration options for OpenVPN, an attacker could execute arbitrary code with elevated privileges. The SIMATIC CP 1242-7 and CP 1243-7 LTE communication processors connect the SIMATIC S7-1200 controllers to a wide area network (WAN). They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or ST7 master via the SINAUT ST7 telecontrol protocol. The SIMATIC CP 1543-1 communications processor connects the SIMATIC S7-1500 controller to Ethernet. They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1543SP-1, CP 1542SP-1 and CP 1542SP-1 IRC communication processors connect the SIMATIC ET 200SP controllers to Ethernet. The SIMATIC CP 1543SP-1 and CP 1542SP-1 IRC communication processors also offer integrated security functions such as firewalls, virtual private networks (VPN) or support for other data encryption protocols. SIPLUSextreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware on which they are based
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0621", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic cp 1542sp-1 irc", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "simatic cp 1543sp-1", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "simatic cp 1242-7 v2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-8 irc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus net cp 1242-7 v2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus s7-1200 cp 1243-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-7 lte eu", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus net cp 1543-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.22" }, { "model": "simatic cp 1243-7 lte us", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1543-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.22" }, { "model": "siplus s7-1200 cp 1243-1 rail", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp lte eu", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7" }, { "model": "simatic cp lte us", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7" }, { "model": "simatic cp irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-8" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1543-1\u003c3.0.22" }, { "model": "siplus net cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2" }, { "model": "siplus net cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1543-1\u003c3.0.22" }, { "model": "siplus s7-1200 cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "siplus s7-1200 cp rail", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51634" }, { "db": "NVD", "id": "CVE-2022-34821" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1242-7_v2_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1242-7_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte_eu_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_eu:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte_us_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_us:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-8_irc_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-8_irc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionStartIncluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.22", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1543sp-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionStartIncluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1543sp-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionStartIncluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionStartIncluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionStartIncluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:siplus_net_cp_1242-7_v2_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:siplus_net_cp_1242-7_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:siplus_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.22", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:siplus_net_cp_1543-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_rail_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1_rail:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-34821" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-902" } ], "trust": 0.6 }, "cve": "CVE-2022-34821", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.2, "id": "CNVD-2022-51634", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2022-34821", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "author": "productcert@siemens.com", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.0, "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-34821", "trust": 1.0, "value": "CRITICAL" }, { "author": "productcert@siemens.com", "id": "CVE-2022-34821", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2022-51634", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202207-902", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2022-34821", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51634" }, { "db": "VULMON", "id": "CVE-2022-34821" }, { "db": "CNNVD", "id": "CNNVD-202207-902" }, { "db": "NVD", "id": "CVE-2022-34821" }, { "db": "NVD", "id": "CVE-2022-34821" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions \u003c V7.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions \u003c V7.2), SCALANCE M804PB (All versions \u003c V7.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions \u003c V7.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions \u003c V7.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions \u003c V7.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions \u003c V7.2), SCALANCE M826-2 SHDSL-Router (All versions \u003c V7.2), SCALANCE M874-2 (All versions \u003c V7.2), SCALANCE M874-3 (All versions \u003c V7.2), SCALANCE M876-3 (EVDO) (All versions \u003c V7.2), SCALANCE M876-3 (ROK) (All versions \u003c V7.2), SCALANCE M876-4 (All versions \u003c V7.2), SCALANCE M876-4 (EU) (All versions \u003c V7.2), SCALANCE M876-4 (NAM) (All versions \u003c V7.2), SCALANCE MUM853-1 (EU) (All versions \u003c V7.2), SCALANCE MUM856-1 (EU) (All versions \u003c V7.2), SCALANCE MUM856-1 (RoW) (All versions \u003c V7.2), SCALANCE S615 (All versions \u003c V7.2), SCALANCE S615 EEC (All versions \u003c V7.2), SCALANCE SC622-2C (All versions \u003c V2.3), SCALANCE SC622-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC626-2C (All versions \u003c V2.3), SCALANCE SC626-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC632-2C (All versions \u003c V2.3), SCALANCE SC632-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC636-2C (All versions \u003c V2.3), SCALANCE SC636-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC642-2C (All versions \u003c V2.3), SCALANCE SC642-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE SC646-2C (All versions \u003c V2.3), SCALANCE SC646-2C (All versions \u003e= V2.3 \u003c V3.0), SCALANCE WAM763-1 (All versions), SCALANCE WAM766-1 (EU) (All versions), SCALANCE WAM766-1 (US) (All versions), SCALANCE WAM766-1 EEC (EU) (All versions), SCALANCE WAM766-1 EEC (US) (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM766-1 (EU) (All versions), SCALANCE WUM766-1 (US) (All versions), SIMATIC CP 1242-7 V2 (All versions \u003c V3.3.46), SIMATIC CP 1243-1 (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE US (All versions \u003c V3.3.46), SIMATIC CP 1243-8 IRC (All versions \u003c V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions \u003e= V2.0 \u003c V2.2.28), SIMATIC CP 1543-1 (All versions \u003c V3.0.22), SIMATIC CP 1543SP-1 (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions \u003c V3.3.46), SIPLUS NET CP 1543-1 (All versions \u003c V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions \u003c V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions \u003c V3.3.46). By injecting code to specific configuration options for OpenVPN, an attacker could execute arbitrary code with elevated privileges. The SIMATIC CP 1242-7 and CP 1243-7 LTE communication processors connect the SIMATIC S7-1200 controllers to a wide area network (WAN). They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or ST7 master via the SINAUT ST7 telecontrol protocol. The SIMATIC CP 1543-1 communications processor connects the SIMATIC S7-1500 controller to Ethernet. They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1543SP-1, CP 1542SP-1 and CP 1542SP-1 IRC communication processors connect the SIMATIC ET 200SP controllers to Ethernet. The SIMATIC CP 1543SP-1 and CP 1542SP-1 IRC communication processors also offer integrated security functions such as firewalls, virtual private networks (VPN) or support for other data encryption protocols. SIPLUSextreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware on which they are based", "sources": [ { "db": "NVD", "id": "CVE-2022-34821" }, { "db": "CNVD", "id": "CNVD-2022-51634" }, { "db": "VULMON", "id": "CVE-2022-34821" } ], "trust": 1.53 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2022-34821", "trust": 2.3 }, { "db": "SIEMENS", "id": "SSA-517377", "trust": 2.3 }, { "db": "SIEMENS", "id": "SSA-413565", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-22-195-12", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2022-51634", "trust": 0.6 }, { "db": "ICS CERT", "id": "ICSA-22-349-04", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022071333", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202207-902", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-34821", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51634" }, { "db": "VULMON", "id": "CVE-2022-34821" }, { "db": "CNNVD", "id": "CNNVD-202207-902" }, { "db": "NVD", "id": "CVE-2022-34821" } ] }, "id": "VAR-202207-0621", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-51634" } ], "trust": 1.3424043555555556 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51634" } ] }, "last_update_date": "2024-02-12T23:08:54.645000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens SIMATIC CP SRCS VPN Feature Code Injection Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/339696" }, { "title": "Siemens SIMATIC Fixes for code injection vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=228948" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51634" }, { "db": "CNNVD", "id": "CNNVD-202207-902" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-94", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2022-34821" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-413565.pdf" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-517377.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022071333" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-349-04" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/siemens-simatic-cp-three-vulnerabilities-via-srcs-vpn-38784" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-34821/" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-195-12" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/94.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-195-12" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51634" }, { "db": "VULMON", "id": "CVE-2022-34821" }, { "db": "CNNVD", "id": "CNNVD-202207-902" }, { "db": "NVD", "id": "CVE-2022-34821" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-51634" }, { "db": "VULMON", "id": "CVE-2022-34821" }, { "db": "CNNVD", "id": "CNNVD-202207-902" }, { "db": "NVD", "id": "CVE-2022-34821" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-15T00:00:00", "db": "CNVD", "id": "CNVD-2022-51634" }, { "date": "2022-07-12T00:00:00", "db": "VULMON", "id": "CVE-2022-34821" }, { "date": "2022-07-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-902" }, { "date": "2022-07-12T10:15:12.393000", "db": "NVD", "id": "CVE-2022-34821" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-15T00:00:00", "db": "CNVD", "id": "CNVD-2022-51634" }, { "date": "2023-10-10T00:00:00", "db": "VULMON", "id": "CVE-2022-34821" }, { "date": "2023-03-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-902" }, { "date": "2023-10-10T11:15:10.703000", "db": "NVD", "id": "CVE-2022-34821" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-902" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens SIMATIC CP SRCS VPN Feature Code Injection Vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2022-51634" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "code injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-902" } ], "trust": 0.6 } }
var-201705-3221
Vulnerability from variot
Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices. SIMATIC HMI is an industrial device from Siemens AG, Germany. The SIMATIC HMI panels are used for operator control and monitoring of machines and equipment. Multiple Siemens Products is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause a denial-of-service condition. Manual restart of the server is required to resume normal operation. A vulnerability has been identified in SIMATIC CP 343-1 Std (All versions), SIMATIC CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std (All versions < V3.2.17), SIMATIC CP 443-1 Adv (All versions < V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions < V2.1.82), SIMATIC CP 1243-1 IRC (All versions < V2.1.82), SIMATIC CP 1243-1 IEC (All versions), SIMATIC CP 1243-1 DNP3 (All versions), SIMATIC CM 1542-1 (All versions < V2.0), SIMATIC CM 1542SP-1 (All versions < V1.0.15), SIMATIC CP 1542SP-1 IRC (All versions < V1.0.15), SIMATIC CP 1543SP-1 (All versions < V1.0.15), SIMATIC CP 1543-1 (All versions < V2.1), SIMATIC RF650R (All versions < V3.0), SIMATIC RF680R (All versions < V3.0), SIMATIC RF685R (All versions < V3.0), SIMATIC CP 1616 (All versions < V2.7), SIMATIC CP 1604 (All versions < V2.7), SIMATIC DK-16xx PN IO (All versions < V2.7), SCALANCE X-200 (All versions < V5.2.2), SCALANCE X-200 IRT (All versions), SCALANCE X-300/X408 (All versions < V4.1.0), SCALANCE X414 (All versions < V3.10.2), SCALANCE XM400 (All versions < V6.1), SCALANCE XR500 (All versions < V6.1), SCALANCE W700 (All versions < V6.1), SCALANCE M-800, S615 (All versions < V4.03), Softnet PROFINET IO for PC-based Windows systems (All versions < V14 SP1), IE/PB-Link (All versions < V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions < V1.2.0), SITOP UPS1600 PROFINET (All versions < V2.2.0), SIMATIC ET 200AL (All versions < V1.0.2), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM155-5 PN BA (All versions < V4.0.1), SIMATIC ET 200MP IM155-5 PN ST (All versions < V4.1), SIMATIC ET 200MP (except IM155-5 PN BA and IM155-5 PN ST) (All versions), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM155-6 PN ST (All versions < V4.1.0), SIMATIC ET 200SP (except IM155-6 PN ST) (All versions), SIMATIC PN/PN Coupler (All versions < V4.0), Development/Evaluation Kit DK Standard Ethernet Controller (All versions < V4.1.1 Patch04), Development/Evaluation Kit EK-ERTEC 200P (All versions < V4.4.0 Patch01), Development/Evaluation Kit EK-ERTEC 200 (All versions < V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions < V2.3), SIMATIC S7-300 incl. F and T (All versions < V3.X.14), SIMATIC S7-400 PN/DP V6 Incl. F (All versions < V6.0.6), SIMATIC S7-400-H V6 (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 Incl. F (All versions < V7.0.2), SIMATIC S7-410 (All versions < V8.2), SIMATIC S7-1200 incl. F (All versions < V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions < V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions < V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft Starter 3RW44 PN (All versions), SIRIUS Motor Starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions < V2.0.0), SINAMICS DCM w. PN (All versions < V1.4 SP1 HF5), SINAMICS DCP w. PN (All versions < V1.2 HF 1), SINAMICS G110M w. PN (All versions < V4.7 SP6 HF3), SINAMICS G120(C/P/D) w. PN (All versions < V4.7 SP6 HF3), SINAMICS G130 V4.7 w. PN (All versions < V4.7 HF27), SINAMICS G150 V4.7 w. PN (V4.7: All versions < V4.7 HF27), SINAMICS G130 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS G150 V4.8 w. PN (All versions < V4.8 HF4), SINAMICS S110 w. PN (All versions < V4.4 SP3 HF5), SINAMICS S120 V4.7 w. PN (All versions < V4.7 HF27), and others. Siemens SIMATIC S7-300 F, etc. Siemens SIMATIC S7-300 F is a process controller. SIMATIC HMI Comfort Panels are touch screens
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3221", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "sinumerik 828d", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": "4.5" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": "4.5" }, { "model": "simatic hmi comfort panels", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic hmi mobile panels", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic cp 343-1 adv", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic s7-1500 software controller", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "simatic teleservice adapter ie basic modem", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic tdc cp51m1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1.8" }, { "model": "simatic cp 1543-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0.15" }, { "model": "simatic cp 1243-1 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1.82" }, { "model": "sinamics dcm", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.4" }, { "model": "sirius act 3su1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1.0" }, { "model": "simatic rf680r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic cp 1543sp-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0.15" }, { "model": "sinamics g120\\ pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic et 200al", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0.2" }, { "model": "simatic cp 1543sp-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "simatic cp 443-1 adv", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2.17" }, { "model": "scalance x414", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.10.2" }, { "model": "sinumerik 828d", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "sinumerik 840d sl", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "softnet profinet io", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "14" }, { "model": "simatic et 200pro", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "ek-ertec 200 pn io", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.2.1" }, { "model": "simatic cp 1243-1 dnp3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance x300", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1.0" }, { "model": "scalance s615", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.03" }, { "model": "sinamics s110 pn", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.4" }, { "model": "simatic s7-400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.0.6" }, { "model": "simatic et 200m", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "ups1600 profinet", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2.0" }, { "model": "sinamics dcp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.2" }, { "model": "simotion", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "sinamics dcm", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.4" }, { "model": "dk standard ethernet controller", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1.1" }, { "model": "sinamics s120", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics g110m", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics g130", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "scalance xr500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.1" }, { "model": "simatic s7-200 smart", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3" }, { "model": "simatic et 200s", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1.82" }, { "model": "ek-ertec 200p pn io", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.4.0" }, { "model": "simatic dk-16xx pn io", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.7" }, { "model": "simatic tdc cpu555", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1.1" }, { "model": "simatic cp 1616", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.7" }, { "model": "sinamics s120", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic et 200sp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2.0" }, { "model": "sinamics g150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "scalance w700", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.1" }, { "model": "simatic teleservice adapter ie advanced modem", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinamics g110m", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sirius motor starter m200d profinet", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "softnet profinet io", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14" }, { "model": "sinamics g130", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 840d sl", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "scalance xm400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.1" }, { "model": "sirius soft starter 3rw44 pn", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic hmi multi panels", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic winac rtx", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2010" }, { "model": "simocode pro v profinet", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.0.0" }, { "model": "sinamics s110 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.4" }, { "model": "simatic hmi mobile panels", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic rf650r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "ek-ertec 200 pn io", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2.1" }, { "model": "sinamics s150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics g150", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic cp 343-1 lean", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.1.3" }, { "model": "ie\\/pb-link", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "scalance x200 irt", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.4.0" }, { "model": "pn\\/pn coupler", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.0" }, { "model": "simatic cp 1604", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.7" }, { "model": "simatic et 200ecopn", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "ek-ertec 200p pn io", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.4.0" }, { "model": "ie\\/as-i link pn io", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic rf685r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "sinamics v90 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.01" }, { "model": "simatic cp 443-1 std", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2.17" }, { "model": "sinamics s150", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic s7-300", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.3.17" }, { "model": "simatic s7-1500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "simatic cp 1243-1 iec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cm 1542sp-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0.15" }, { "model": "scalance x200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2.2" }, { "model": "simatic s7-1200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2.1" }, { "model": "simatic cp 443-1 opc-ua", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic hmi comfort panels", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "scalance m-800", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.03" }, { "model": "simatic cp 343-1 std", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.1.3" }, { "model": "simatic teleservice adapter standard modem", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simotion", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "sinamics dcp", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.2" }, { "model": "scalance x408", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1.0" }, { "model": "sitop psu8600", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.2.0" }, { "model": "dk standard ethernet controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.1.1" }, { "model": "simatic cp 1542sp-1 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0.15" }, { "model": "simatic et 200mp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.0.1" }, { "model": "simatic cm 1542-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "simatic winac rtx", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2010" }, { "model": "dk standard ethernet controller", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "ek-ertec 200 pn io", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "ek-ertec 200p pn io", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "ie/as-i link pn io", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "ie/pb-link", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "pn/pn coupler", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance m-800", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance s615", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance w700", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance x200 irt", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance x200", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance x300", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance x408", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance x414", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance xm400", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance xr500", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cm 1542-1", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 1243-1", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 1542sp-1 irc", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 1542sp-1", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 1543-1", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 1543sp-1", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 1604", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 1616", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 343-1 adv", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 343-1 lean", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 343-1 std", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 443-1 adv", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 443-1 opc-ua", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 443-1 std", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic dk-16xx pn io", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200al", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200ecopn", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200m", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200mp", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200pro", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200s", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200sp", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic hmi multi panels", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic rf650r", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic rf680r", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic rf685r", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-1200", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500 software controller", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-200 smart", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-300", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-400", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic teleservice adapter ie advanced", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic teleservice adapter ie basic", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic teleservice adapter standard modem", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic winac rtx 2010", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simocode pro v profinet", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simotion", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics dcm", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics dcp", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics g110m", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics g120 w. pn", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics g130", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics g150", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics s110 w. pn", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics s120", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics s150", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics v90 w. pn", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 828d", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 840d sl", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sirius act 3su1 interface module profinet", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sirius motor starter m200d profinet", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sirius soft starter 3rw44 pn", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sitop psu8600", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sitop ups1600 profinet", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "softnet profinet io", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "for pc-based windows systems firmware" }, { "model": "simatic hmi multi panels", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinamics g150", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.8" }, { "model": "simatic hmi mobile panels", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinamics s120", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "4.8" }, { "model": "simatic hmi comfort panels", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "sinamics s110 w. pn", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "sinumerik 828d", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "sinumerik 840d sl", "version": "*" }, { "model": "ups1600 profinet", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "softnet profinet io", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sitop psu8600", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sirius soft starter 3rw44 pn", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sirius act 3su1", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sinumerik 840d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sinumerik 828d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sinamics sm150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics sm120", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics sl150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7.5" }, { "model": "sinamics sl150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7.4" }, { "model": "sinamics sl150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics gm150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics gl150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics gh150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simotion", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic winac rtx", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "20100" }, { "model": "simatic teleservice adapter standard modem", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic s7-400", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic s7-300", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic s7-200 smart", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic s7-1500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic rf685r", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic rf680r", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic rf650r", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic et", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "2000" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "443-10" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "343-10" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "16260" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "16160" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "16040" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1543-12.0.28" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1543-10" }, { "model": "simatic cp 1542sp-1", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic cp irc", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1243-80" }, { "model": "simatic cp lte eu/us", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1243-70" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1243-10" }, { "model": "simatic cp gprs", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1242-7v20" }, { "model": "scalance xr500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "scalance xm400", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "scalance", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "x4140" }, { "model": "scalance", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "x4084.0" }, { "model": "scalance", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "x4083.0" }, { "model": "scalance", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "x3000" }, { "model": "scalance irt", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "x2000" }, { "model": "scalance", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "x2000" }, { "model": "scalance w700 series", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.4" }, { "model": "scalance w700 series", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.5.4" }, { "model": "scalance s615", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "scalance m-800", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.02" }, { "model": "scalance m-800", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "ie/as-i link pn io", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "extension unit profinet", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "22?0" }, { "model": "extension unit profinet", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "19?0" }, { "model": "extension unit profinet", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "15?0" }, { "model": "extension unit profinet", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "12?0" }, { "model": "e/pb-link", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sinumerik 840d sl", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics sm120 sp2", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics sl150 sp2", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics gm150 sp2", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics gl150 sp2", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics gh150 sp2", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "simatic rf685r", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "3.0" }, { "model": "simatic rf680r", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "3.0" }, { "model": "simatic cp", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "16162.7" }, { "model": "simatic cp 1604d", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "2.7" }, { "model": "simatic cp irc", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1243-82.1.82" }, { "model": "simatic cp lte eu/us", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1243-72.1.82" }, { "model": "simatic cp gprs", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1242-7v22.1.82" }, { "model": "simatic rf650r", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "3.0" }, { "model": "simatic cp", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "443-13.2.17" }, { "model": "simatic cp", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "15431.2.1" }, { "model": "simatic cm1542", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1.2" }, { "model": "scalance w700", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "6.1" }, { "model": "extension unit profinet", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "22?1.1.1" }, { "model": "extension unit profinet", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "19?1.1.1" }, { "model": "extension unit profinet", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "15?1.1.1" }, { "model": "extension unit profinet", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "12?1.1.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 343 1 std", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1542sp 1 irc", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1543sp 1", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1543 1", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic rf650r", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic rf680r", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic rf685r", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1616", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1604", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic dk 16xx pn io", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x200", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 343 1 lean", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x200 irt", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x300", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x408", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x414", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance xm400", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance xr500", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance w700", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance m 800", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance s615", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "softnet profinet io", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 343 1 adv", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ie pb link", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ie as i link pn io", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic teleservice adapter standard modem", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic teleservice adapter ie basic modem", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic teleservice adapter ie advanced modem", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sitop psu8600", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ups1600 profinet", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200al", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200ecopn", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200m", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 443 1 std", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200mp", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200pro", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200s", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200sp", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "pn pn coupler", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "dk standard ethernet controller", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ek ertec 200p pn io", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ek ertec 200 pn io", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 200 smart", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 443 1 adv", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 400", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1200", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1500", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1500 controller", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic winac rtx 2010", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sirius act 3su1", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sirius soft starter 3rw44 pn", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sirius motor starter m200d profinet", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simocode pro v profinet", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics dcm", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 443 1 opc ua", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics dcp", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g110m", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g120 c p d w pn", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g130", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g150", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics s110 w pn", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics s120", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics s150", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics v90 w pn", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simotion", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1243 1", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic hmi comfort panels", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic hmi multi panels", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic hmi mobile panels", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cm 1542 1", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1542sp 1", "version": null } ], "sources": [ { "db": "IVD", "id": "33467505-7492-4ae1-b978-12f61201709a" }, { "db": "CNVD", "id": "CNVD-2017-06153" }, { "db": "BID", "id": "98369" }, { "db": "JVNDB", "id": "JVNDB-2017-004135" }, { "db": "NVD", "id": "CVE-2017-2681" }, { "db": "CNNVD", "id": "CNNVD-201705-639" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_343-1_std_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.1.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_343-1_std:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_343-1_lean_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.1.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_343-1_lean:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_343-1_adv_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_343-1_adv:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_443-1_std_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_443-1_std:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_443-1_adv_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_443-1_adv:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_443-1_opc-ua_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_443-1_opc-ua:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.82", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cm_1542-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cm_1542-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1543sp-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.15", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1542sp-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.15", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1543sp-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1543sp-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.15", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_rf650r_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_rf650r:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_rf680r_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_rf680r:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_rf685r_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_rf685r:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1616_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1616:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1604_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1604:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_dk-16xx_pn_io_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_dk-16xx_pn_io:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_x200_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.2.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_x200:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_x200_irt_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.4.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_x200_irt:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_x300_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_x300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_x408_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_x408:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_x414_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.10.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_x414:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_xm400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_xm400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_xr500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_xr500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_w700_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_w700:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_m-800_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.03", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_m-800:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.03", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:softnet_profinet_io_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:softnet_profinet_io_firmware:14:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:softnet_profinet_io:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ie\\/pb-link_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ie\\/pb-link:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ie\\/as-i_link_pn_io_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ie\\/as-i_link_pn_io:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_teleservice_adapter_standard_modem_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_teleservice_adapter_standard_modem:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_teleservice_adapter_ie_basic_modem_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_teleservice_adapter_ie_basic_modem:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_teleservice_adapter_ie_advanced_modem_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_teleservice_adapter_ie_advanced_modem:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sitop_psu8600_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sitop_psu8600:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ups1600_profinet_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ups1600_profinet:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200al_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200al:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200ecopn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200ecopn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200m_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200mp_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.0.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200mp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200pro_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200pro:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200sp_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200sp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:pn\\/pn_coupler_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:pn\\/pn_coupler:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:4.1.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:dk_standard_ethernet_controller:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ek-ertec_200p_pn_io_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:ek-ertec_200p_pn_io_firmware:4.4.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ek-ertec_200p_pn_io:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ek-ertec_200_pn_io_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:ek-ertec_200_pn_io_firmware:4.2.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ek-ertec_200_pn_io:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-200_smart_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-200_smart:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.3.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.0.6", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1200_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2010", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_firmware:2010:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_winac_rtx:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sirius_act_3su1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sirius_act_3su1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sirius_soft_starter_3rw44_pn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sirius_soft_starter_3rw44_pn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sirius_motor_starter_m200d_profinet_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sirius_motor_starter_m200d_profinet:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simocode_pro_v_profinet_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simocode_pro_v_profinet:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcm_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcm_firmware:1.4:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_dcm:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcp_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcp_firmware:1.2:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_dcp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g110m_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g110m_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_g110m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g120\\(c\\/p\\/d\\)_pn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_g120\\(c\\/p\\/d\\)_pn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g130_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g130_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_g130:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g150_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_g150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s110_pn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s110_pn_firmware:4.4:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_s110_pn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s120_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s120_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_s120:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s150_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_s150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_v90_pn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.01", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_v90_pn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simotion_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:simotion_firmware:4.5:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simotion:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_828d_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_828d_firmware:4.5:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_828d:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:4.5:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_comfort_panels:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_comfort_panels:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_multi_panels:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_multi_panels:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_mobile_panels:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_mobile_panels:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-1_irc_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.82", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-1_irc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-1_iec_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-1_iec:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-1_dnp3_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-1_dnp3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cm_1542sp-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.15", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cm_1542sp-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:simatic_s7-1500_software_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_828d_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_828d_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_828d:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_tdc_cpu555_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_tdc_cpu555:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_tdc_cp51m1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.8", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_tdc_cp51m1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2017-2681" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Duan JinTong, Ma ShaoShuai, and Cheng Lei from NSFOCUS Security Team.", "sources": [ { "db": "BID", "id": "98369" } ], "trust": 0.3 }, "cve": "CVE-2017-2681", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Adjacent Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 6.1, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2017-2681", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "id": "CNVD-2017-06153", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "id": "33467505-7492-4ae1-b978-12f61201709a", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "id": "VHN-110884", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Adjacent Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2017-2681", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2017-2681", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2017-06153", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201705-639", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "33467505-7492-4ae1-b978-12f61201709a", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-110884", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "33467505-7492-4ae1-b978-12f61201709a" }, { "db": "CNVD", "id": "CNVD-2017-06153" }, { "db": "VULHUB", "id": "VHN-110884" }, { "db": "JVNDB", "id": "JVNDB-2017-004135" }, { "db": "NVD", "id": "CVE-2017-2681" }, { "db": "CNNVD", "id": "CNNVD-201705-639" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Specially crafted PROFINET DCP packets sent on a local Ethernet segment (Layer 2) to an affected product could cause a denial of service condition of that product. Human interaction is required to recover the system. PROFIBUS interfaces are not affected. This vulnerability affects only SIMATIC HMI Multi Panels and HMI Mobile Panels, and S7-300/S7-400 devices. SIMATIC HMI is an industrial device from Siemens AG, Germany. The SIMATIC HMI panels are used for operator control and monitoring of machines and equipment. Multiple Siemens Products is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause a denial-of-service condition. Manual restart of the server is required to resume normal operation. A vulnerability has been identified in SIMATIC CP 343-1 Std (All versions), SIMATIC CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std (All versions \u003c V3.2.17), SIMATIC CP 443-1 Adv (All versions \u003c V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions \u003c V2.1.82), SIMATIC CP 1243-1 IRC (All versions \u003c V2.1.82), SIMATIC CP 1243-1 IEC (All versions), SIMATIC CP 1243-1 DNP3 (All versions), SIMATIC CM 1542-1 (All versions \u003c V2.0), SIMATIC CM 1542SP-1 (All versions \u003c V1.0.15), SIMATIC CP 1542SP-1 IRC (All versions \u003c V1.0.15), SIMATIC CP 1543SP-1 (All versions \u003c V1.0.15), SIMATIC CP 1543-1 (All versions \u003c V2.1), SIMATIC RF650R (All versions \u003c V3.0), SIMATIC RF680R (All versions \u003c V3.0), SIMATIC RF685R (All versions \u003c V3.0), SIMATIC CP 1616 (All versions \u003c V2.7), SIMATIC CP 1604 (All versions \u003c V2.7), SIMATIC DK-16xx PN IO (All versions \u003c V2.7), SCALANCE X-200 (All versions \u003c V5.2.2), SCALANCE X-200 IRT (All versions), SCALANCE X-300/X408 (All versions \u003c V4.1.0), SCALANCE X414 (All versions \u003c V3.10.2), SCALANCE XM400 (All versions \u003c V6.1), SCALANCE XR500 (All versions \u003c V6.1), SCALANCE W700 (All versions \u003c V6.1), SCALANCE M-800, S615 (All versions \u003c V4.03), Softnet PROFINET IO for PC-based Windows systems (All versions \u003c V14 SP1), IE/PB-Link (All versions \u003c V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions \u003c V1.2.0), SITOP UPS1600 PROFINET (All versions \u003c V2.2.0), SIMATIC ET 200AL (All versions \u003c V1.0.2), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM155-5 PN BA (All versions \u003c V4.0.1), SIMATIC ET 200MP IM155-5 PN ST (All versions \u003c V4.1), SIMATIC ET 200MP (except IM155-5 PN BA and IM155-5 PN ST) (All versions), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM155-6 PN ST (All versions \u003c V4.1.0), SIMATIC ET 200SP (except IM155-6 PN ST) (All versions), SIMATIC PN/PN Coupler (All versions \u003c V4.0), Development/Evaluation Kit DK Standard Ethernet Controller (All versions \u003c V4.1.1 Patch04), Development/Evaluation Kit EK-ERTEC 200P (All versions \u003c V4.4.0 Patch01), Development/Evaluation Kit EK-ERTEC 200 (All versions \u003c V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions \u003c V2.3), SIMATIC S7-300 incl. F and T (All versions \u003c V3.X.14), SIMATIC S7-400 PN/DP V6 Incl. F (All versions \u003c V6.0.6), SIMATIC S7-400-H V6 (All versions \u003c V6.0.7), SIMATIC S7-400 PN/DP V7 Incl. F (All versions \u003c V7.0.2), SIMATIC S7-410 (All versions \u003c V8.2), SIMATIC S7-1200 incl. F (All versions \u003c V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions \u003c V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions \u003c V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft Starter 3RW44 PN (All versions), SIRIUS Motor Starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions \u003c V2.0.0), SINAMICS DCM w. PN (All versions \u003c V1.4 SP1 HF5), SINAMICS DCP w. PN (All versions \u003c V1.2 HF 1), SINAMICS G110M w. PN (All versions \u003c V4.7 SP6 HF3), SINAMICS G120(C/P/D) w. PN (All versions \u003c V4.7 SP6 HF3), SINAMICS G130 V4.7 w. PN (All versions \u003c V4.7 HF27), SINAMICS G150 V4.7 w. PN (V4.7: All versions \u003c V4.7 HF27), SINAMICS G130 V4.8 w. PN (All versions \u003c V4.8 HF4), SINAMICS G150 V4.8 w. PN (All versions \u003c V4.8 HF4), SINAMICS S110 w. PN (All versions \u003c V4.4 SP3 HF5), SINAMICS S120 V4.7 w. PN (All versions \u003c V4.7 HF27), and others. Siemens SIMATIC S7-300 F, etc. Siemens SIMATIC S7-300 F is a process controller. SIMATIC HMI Comfort Panels are touch screens", "sources": [ { "db": "NVD", "id": "CVE-2017-2681" }, { "db": "JVNDB", "id": "JVNDB-2017-004135" }, { "db": "CNVD", "id": "CNVD-2017-06153" }, { "db": "BID", "id": "98369" }, { "db": "IVD", "id": "33467505-7492-4ae1-b978-12f61201709a" }, { "db": "VULHUB", "id": "VHN-110884" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-2681", "trust": 3.6 }, { "db": "SIEMENS", "id": "SSA-293562", "trust": 2.6 }, { "db": "BID", "id": "98369", "trust": 2.0 }, { "db": "SECTRACK", "id": "1038463", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-17-129-02", "trust": 1.7 }, { "db": "CNVD", "id": "CNVD-2017-06153", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201705-639", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-004135", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-18-023-02", "trust": 0.3 }, { "db": "SIEMENS", "id": "SSA-284673", "trust": 0.3 }, { "db": "IVD", "id": "33467505-7492-4AE1-B978-12F61201709A", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-110884", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "33467505-7492-4ae1-b978-12f61201709a" }, { "db": "CNVD", "id": "CNVD-2017-06153" }, { "db": "VULHUB", "id": "VHN-110884" }, { "db": "BID", "id": "98369" }, { "db": "JVNDB", "id": "JVNDB-2017-004135" }, { "db": "NVD", "id": "CVE-2017-2681" }, { "db": "CNNVD", "id": "CNNVD-201705-639" } ] }, "id": "VAR-201705-3221", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "33467505-7492-4ae1-b978-12f61201709a" }, { "db": "CNVD", "id": "CNVD-2017-06153" }, { "db": "VULHUB", "id": "VHN-110884" } ], "trust": 1.4971765550000002 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "33467505-7492-4ae1-b978-12f61201709a" }, { "db": "CNVD", "id": "CNVD-2017-06153" } ] }, "last_update_date": "2023-12-18T12:51:14.181000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-293562", "trust": 0.8, "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf" }, { "title": "Patch for Siemens SIMATIC HMI Denial of Service Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/93365" }, { "title": "Multiple Siemens Product security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70109" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-06153" }, { "db": "JVNDB", "id": "JVNDB-2017-004135" }, { "db": "CNNVD", "id": "CNNVD-201705-639" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-110884" }, { "db": "JVNDB", "id": "JVNDB-2017-004135" }, { "db": "NVD", "id": "CVE-2017-2681" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/98369" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1038463" }, { "trust": 1.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-129-02" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2681" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2681" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-17-129-02" }, { "trust": 0.3, "url": "http://subscriber.communications.siemens.com/" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-023-02" }, { "trust": 0.3, "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdf" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-06153" }, { "db": "VULHUB", "id": "VHN-110884" }, { "db": "BID", "id": "98369" }, { "db": "JVNDB", "id": "JVNDB-2017-004135" }, { "db": "NVD", "id": "CVE-2017-2681" }, { "db": "CNNVD", "id": "CNNVD-201705-639" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "33467505-7492-4ae1-b978-12f61201709a" }, { "db": "CNVD", "id": "CNVD-2017-06153" }, { "db": "VULHUB", "id": "VHN-110884" }, { "db": "BID", "id": "98369" }, { "db": "JVNDB", "id": "JVNDB-2017-004135" }, { "db": "NVD", "id": "CVE-2017-2681" }, { "db": "CNNVD", "id": "CNNVD-201705-639" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-05-09T00:00:00", "db": "IVD", "id": "33467505-7492-4ae1-b978-12f61201709a" }, { "date": "2017-05-09T00:00:00", "db": "CNVD", "id": "CNVD-2017-06153" }, { "date": "2017-05-11T00:00:00", "db": "VULHUB", "id": "VHN-110884" }, { "date": "2017-05-08T00:00:00", "db": "BID", "id": "98369" }, { "date": "2017-06-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-004135" }, { "date": "2017-05-11T10:29:00.180000", "db": "NVD", "id": "CVE-2017-2681" }, { "date": "2017-05-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201705-639" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-05-09T00:00:00", "db": "CNVD", "id": "CNVD-2017-06153" }, { "date": "2020-09-29T00:00:00", "db": "VULHUB", "id": "VHN-110884" }, { "date": "2018-05-09T14:00:00", "db": "BID", "id": "98369" }, { "date": "2017-09-11T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-004135" }, { "date": "2022-04-12T18:29:19.557000", "db": "NVD", "id": "CVE-2017-2681" }, { "date": "2022-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201705-639" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201705-639" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens SIMATIC HMI Denial of service vulnerability", "sources": [ { "db": "IVD", "id": "33467505-7492-4ae1-b978-12f61201709a" }, { "db": "CNVD", "id": "CNVD-2017-06153" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201705-639" } ], "trust": 0.6 } }
var-201611-0024
Vulnerability from variot
A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Users with elevated privileges to TIA-Portal and project data on the engineering station could possibly get privileged access on affected devices. SIEMENSSIMATICCP1543-1 is a communication processor that integrates security functions such as firewall, VPN, security protocol, data encryption, etc. It provides network connection and secure communication of s7-1500 controller. A privilege elevation vulnerability exists in the SIEMENSSIMATICCP1543-1 device. A remote attacker exploits the vulnerability to gain access to the affected device through access to TIA-Portal and project-data. Siemens SIMATIC CP 1543-1 is prone to a privilege-escalation vulnerability and a denial-of-service vulnerability. Siemens SIMATIC CP 1543-1 is a controller of Germany's Siemens (Siemens) company that is used to connect communication processors to Ethernet and provides integrated security functions
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201611-0024", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic cp 1543-1", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 1543-1", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 1543-1", "scope": "lt", "trust": 0.8, "vendor": "siemens", "version": "2.0.28" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1543-1\u003c2.0.28" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1543-10" }, { "model": "simatic cp", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1543-12.0.28" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1543 1", "version": null } ], "sources": [ { "db": "IVD", "id": "cf476d4b-a6ae-454e-a1a0-20dc02bd0c3b" }, { "db": "CNVD", "id": "CNVD-2016-11369" }, { "db": "BID", "id": "94436" }, { "db": "JVNDB", "id": "JVNDB-2016-005920" }, { "db": "NVD", "id": "CVE-2016-8561" }, { "db": "CNNVD", "id": "CNNVD-201611-447" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-8561" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "These vulnerabilities were coordinated directly with Siemens by SOGETI and Agence nationale de la s\u00e9curit\u00e9 des syst\u00e8mes d\u2019information (ANSSI).", "sources": [ { "db": "CNNVD", "id": "CNNVD-201611-447" } ], "trust": 0.6 }, "cve": "CVE-2016-8561", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.8, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2016-8561", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "MULTIPLE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.2, "id": "CNVD-2016-11369", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:H/Au:M/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "MULTIPLE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.2, "id": "cf476d4b-a6ae-454e-a1a0-20dc02bd0c3b", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:N/AC:H/Au:M/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 6.8, "id": "VHN-97381", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.7, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.6, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2016-8561", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "High", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-8561", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2016-11369", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201611-447", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "cf476d4b-a6ae-454e-a1a0-20dc02bd0c3b", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-97381", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2016-8561", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "cf476d4b-a6ae-454e-a1a0-20dc02bd0c3b" }, { "db": "CNVD", "id": "CNVD-2016-11369" }, { "db": "VULHUB", "id": "VHN-97381" }, { "db": "VULMON", "id": "CVE-2016-8561" }, { "db": "JVNDB", "id": "JVNDB-2016-005920" }, { "db": "NVD", "id": "CVE-2016-8561" }, { "db": "CNNVD", "id": "CNNVD-201611-447" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC CP 1543-1 (All versions \u003c V2.0.28), SIPLUS NET CP 1543-1 (All versions \u003c V2.0.28). Users with elevated privileges to TIA-Portal and project data on the engineering station could possibly get privileged access on affected devices. SIEMENSSIMATICCP1543-1 is a communication processor that integrates security functions such as firewall, VPN, security protocol, data encryption, etc. It provides network connection and secure communication of s7-1500 controller. A privilege elevation vulnerability exists in the SIEMENSSIMATICCP1543-1 device. A remote attacker exploits the vulnerability to gain access to the affected device through access to TIA-Portal and project-data. Siemens SIMATIC CP 1543-1 is prone to a privilege-escalation vulnerability and a denial-of-service vulnerability. Siemens SIMATIC CP 1543-1 is a controller of Germany\u0027s Siemens (Siemens) company that is used to connect communication processors to Ethernet and provides integrated security functions", "sources": [ { "db": "NVD", "id": "CVE-2016-8561" }, { "db": "JVNDB", "id": "JVNDB-2016-005920" }, { "db": "CNVD", "id": "CNVD-2016-11369" }, { "db": "BID", "id": "94436" }, { "db": "IVD", "id": "cf476d4b-a6ae-454e-a1a0-20dc02bd0c3b" }, { "db": "VULHUB", "id": "VHN-97381" }, { "db": "VULMON", "id": "CVE-2016-8561" } ], "trust": 2.79 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-8561", "trust": 3.7 }, { "db": "ICS CERT", "id": "ICSA-16-327-01", "trust": 2.9 }, { "db": "BID", "id": "94436", "trust": 2.7 }, { "db": "SIEMENS", "id": "SSA-672373", "trust": 2.7 }, { "db": "CNVD", "id": "CNVD-2016-11369", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201611-447", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2016-005920", "trust": 0.8 }, { "db": "IVD", "id": "CF476D4B-A6AE-454E-A1A0-20DC02BD0C3B", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-97381", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2016-8561", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "cf476d4b-a6ae-454e-a1a0-20dc02bd0c3b" }, { "db": "CNVD", "id": "CNVD-2016-11369" }, { "db": "VULHUB", "id": "VHN-97381" }, { "db": "VULMON", "id": "CVE-2016-8561" }, { "db": "BID", "id": "94436" }, { "db": "JVNDB", "id": "JVNDB-2016-005920" }, { "db": "NVD", "id": "CVE-2016-8561" }, { "db": "CNNVD", "id": "CNNVD-201611-447" } ] }, "id": "VAR-201611-0024", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "cf476d4b-a6ae-454e-a1a0-20dc02bd0c3b" }, { "db": "CNVD", "id": "CNVD-2016-11369" }, { "db": "VULHUB", "id": "VHN-97381" } ], "trust": 1.78461536 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS", "Network device" ], "sub_category": null, "trust": 0.6 }, { "category": [ "ICS" ], "sub_category": null, "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "cf476d4b-a6ae-454e-a1a0-20dc02bd0c3b" }, { "db": "CNVD", "id": "CNVD-2016-11369" } ] }, "last_update_date": "2023-12-18T13:34:24.662000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-672373", "trust": 0.8, "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf" }, { "title": "SIEMENSSIMATICCP1543-1 device privilege escalation vulnerability patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/84112" }, { "title": "Siemens SIMATIC CP 1543-1 Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65785" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-11369" }, { "db": "JVNDB", "id": "JVNDB-2016-005920" }, { "db": "CNNVD", "id": "CNNVD-201611-447" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-97381" }, { "db": "JVNDB", "id": "JVNDB-2016-005920" }, { "db": "NVD", "id": "CVE-2016-8561" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.9, "url": "https://ics-cert.us-cert.gov/advisories/icsa-16-327-01" }, { "trust": 2.7, "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-672373.pdf" }, { "trust": 1.9, "url": "http://www.securityfocus.com/bid/94436" }, { "trust": 1.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-672373.pdf" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8561" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-8561" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-16-327-01" }, { "trust": 0.3, "url": "http://www.siemens.com/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/264.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-16-327-01" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2016-11369" }, { "db": "VULHUB", "id": "VHN-97381" }, { "db": "VULMON", "id": "CVE-2016-8561" }, { "db": "BID", "id": "94436" }, { "db": "JVNDB", "id": "JVNDB-2016-005920" }, { "db": "NVD", "id": "CVE-2016-8561" }, { "db": "CNNVD", "id": "CNNVD-201611-447" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "cf476d4b-a6ae-454e-a1a0-20dc02bd0c3b" }, { "db": "CNVD", "id": "CNVD-2016-11369" }, { "db": "VULHUB", "id": "VHN-97381" }, { "db": "VULMON", "id": "CVE-2016-8561" }, { "db": "BID", "id": "94436" }, { "db": "JVNDB", "id": "JVNDB-2016-005920" }, { "db": "NVD", "id": "CVE-2016-8561" }, { "db": "CNNVD", "id": "CNNVD-201611-447" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-11-21T00:00:00", "db": "IVD", "id": "cf476d4b-a6ae-454e-a1a0-20dc02bd0c3b" }, { "date": "2016-11-21T00:00:00", "db": "CNVD", "id": "CNVD-2016-11369" }, { "date": "2016-11-18T00:00:00", "db": "VULHUB", "id": "VHN-97381" }, { "date": "2016-11-18T00:00:00", "db": "VULMON", "id": "CVE-2016-8561" }, { "date": "2016-11-18T00:00:00", "db": "BID", "id": "94436" }, { "date": "2016-11-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-005920" }, { "date": "2016-11-18T21:59:00.330000", "db": "NVD", "id": "CVE-2016-8561" }, { "date": "2016-11-22T00:00:00", "db": "CNNVD", "id": "CNNVD-201611-447" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-11-21T00:00:00", "db": "CNVD", "id": "CNVD-2016-11369" }, { "date": "2016-12-22T00:00:00", "db": "VULHUB", "id": "VHN-97381" }, { "date": "2022-04-12T00:00:00", "db": "VULMON", "id": "CVE-2016-8561" }, { "date": "2016-11-24T00:16:00", "db": "BID", "id": "94436" }, { "date": "2016-11-24T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-005920" }, { "date": "2022-04-12T10:15:09.470000", "db": "NVD", "id": "CVE-2016-8561" }, { "date": "2022-04-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201611-447" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201611-447" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "SIEMENS SIMATIC CP 1543-1 Device Privilege Escalation Vulnerability", "sources": [ { "db": "IVD", "id": "cf476d4b-a6ae-454e-a1a0-20dc02bd0c3b" }, { "db": "CNVD", "id": "CNVD-2016-11369" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201611-447" } ], "trust": 0.6 } }
var-202207-0622
Vulnerability from variot
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). The application lacks proper validation of user-supplied data when parsing specific messages. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of device. The SIMATIC CP 1242-7 and CP 1243-7 LTE communication processors connect the SIMATIC S7-1200 controllers to a wide area network (WAN). They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or ST7 master via the SINAUT ST7 telecontrol protocol. The SIMATIC CP 1543-1 communications processor connects the SIMATIC S7-1500 controller to Ethernet. They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1543SP-1, CP 1542SP-1 and CP 1542SP-1 IRC communication processors connect the SIMATIC ET 200SP controllers to Ethernet. The SIMATIC CP 1543SP-1 and CP 1542SP-1 IRC communication processors also offer integrated security functions such as firewalls, virtual private networks (VPN) or support for other data encryption protocols. SIPLUSextreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware on which they are based
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202207-0622", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic cp 1542sp-1 irc", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "simatic cp 1543sp-1", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "siplus et 200sp cp 1542sp-1 irc tx rail", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "siplus et 200sp cp 1543sp-1 isec", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "siplus et 200sp cp 1543sp-1 isec tx rail", "scope": "gte", "trust": 1.6, "vendor": "siemens", "version": "2.0" }, { "model": "simatic cp 1242-7 v2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-8 irc", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus net cp 1242-7 v2", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus s7-1200 cp 1243-1", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-7 lte eu", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "siplus net cp 1543-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.22" }, { "model": "simatic cp 1243-7 lte us", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1543-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.22" }, { "model": "siplus s7-1200 cp 1243-1 rail", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp lte eu", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7" }, { "model": "simatic cp lte us", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-7" }, { "model": "simatic cp irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-8" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1543-1\u003c3.0.22" }, { "model": "siplus net cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1242-7v2" }, { "model": "siplus net cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1543-1\u003c3.0.22" }, { "model": "siplus s7-1200 cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "siplus s7-1200 cp rail", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51636" }, { "db": "NVD", "id": "CVE-2022-34819" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1242-7_v2_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1242-7_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte_eu_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_eu:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte_us_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-7_lte_us:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-8_irc_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-8_irc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionStartIncluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.22", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1543sp-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionStartIncluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1543sp-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionStartIncluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1542sp-1_irc_tx_rail:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionStartIncluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionStartIncluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:siplus_et_200sp_cp_1543sp-1_isec_tx_rail:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:siplus_net_cp_1242-7_v2_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:siplus_net_cp_1242-7_v2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:siplus_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.22", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:siplus_net_cp_1543-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:siplus_s7-1200_cp_1243-1_rail_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:siplus_s7-1200_cp_1243-1_rail:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2022-34819" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens reported these vulnerabilities to CISA.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-904" } ], "trust": 0.6 }, "cve": "CVE-2022-34819", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2022-51636", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2022-34819", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 2.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2022-34819", "trust": 1.0, "value": "CRITICAL" }, { "author": "productcert@siemens.com", "id": "CVE-2022-34819", "trust": 1.0, "value": "CRITICAL" }, { "author": "CNVD", "id": "CNVD-2022-51636", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202207-904", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULMON", "id": "CVE-2022-34819", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51636" }, { "db": "VULMON", "id": "CVE-2022-34819" }, { "db": "CNNVD", "id": "CNNVD-202207-904" }, { "db": "NVD", "id": "CVE-2022-34819" }, { "db": "NVD", "id": "CVE-2022-34819" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions \u003c V3.3.46), SIMATIC CP 1243-1 (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions \u003c V3.3.46), SIMATIC CP 1243-7 LTE US (All versions \u003c V3.3.46), SIMATIC CP 1243-8 IRC (All versions \u003c V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions \u003e= V2.0 \u003c V2.2.28), SIMATIC CP 1543-1 (All versions \u003c V3.0.22), SIMATIC CP 1543SP-1 (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions \u003e= V2.0 \u003c V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions \u003c V3.3.46), SIPLUS NET CP 1543-1 (All versions \u003c V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions \u003c V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions \u003c V3.3.46). The application lacks proper validation of user-supplied data when parsing specific messages. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of device. The SIMATIC CP 1242-7 and CP 1243-7 LTE communication processors connect the SIMATIC S7-1200 controllers to a wide area network (WAN). They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1243-8 IRC communication processor connects the SIMATIC S7-1200 controller to the control center or ST7 master via the SINAUT ST7 telecontrol protocol. The SIMATIC CP 1543-1 communications processor connects the SIMATIC S7-1500 controller to Ethernet. They provide integrated security features such as firewalls, virtual private networks (VPNs), and support other protocols with data encryption. The SIMATIC CP 1543SP-1, CP 1542SP-1 and CP 1542SP-1 IRC communication processors connect the SIMATIC ET 200SP controllers to Ethernet. The SIMATIC CP 1543SP-1 and CP 1542SP-1 IRC communication processors also offer integrated security functions such as firewalls, virtual private networks (VPN) or support for other data encryption protocols. SIPLUSextreme products are designed for reliable operation under extreme conditions and are based on SIMATIC, LOGO!, SITOP, SINAMICS, SIMOTION, SCALANCE or other devices. SIPLUS devices use the same firmware on which they are based", "sources": [ { "db": "NVD", "id": "CVE-2022-34819" }, { "db": "CNVD", "id": "CNVD-2022-51636" }, { "db": "VULMON", "id": "CVE-2022-34819" } ], "trust": 1.53 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "SIEMENS", "id": "SSA-517377", "trust": 2.3 }, { "db": "NVD", "id": "CVE-2022-34819", "trust": 2.3 }, { "db": "ICS CERT", "id": "ICSA-22-195-12", "trust": 0.7 }, { "db": "CNVD", "id": "CNVD-2022-51636", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022071333", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202207-904", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2022-34819", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51636" }, { "db": "VULMON", "id": "CVE-2022-34819" }, { "db": "CNNVD", "id": "CNNVD-202207-904" }, { "db": "NVD", "id": "CVE-2022-34819" } ] }, "id": "VAR-202207-0622", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2022-51636" } ], "trust": 1.3424043555555556 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51636" } ] }, "last_update_date": "2024-02-12T22:46:27.582000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Patch for Siemens SIMATIC CP SRCS VPN Feature Buffer Overflow Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/339686" }, { "title": "Multiple Siemens Product Buffer Error Vulnerability Fix", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=228950" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51636" }, { "db": "CNNVD", "id": "CNNVD-202207-904" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-122", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2022-34819" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-517377.pdf" }, { "trust": 0.6, "url": "https://cert-portal.siemens.com/productcert/html/ssa-517377.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022071333" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2022-34819/" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/siemens-simatic-cp-three-vulnerabilities-via-srcs-vpn-38784" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-195-12" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/122.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-195-12" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2022-51636" }, { "db": "VULMON", "id": "CVE-2022-34819" }, { "db": "CNNVD", "id": "CNNVD-202207-904" }, { "db": "NVD", "id": "CVE-2022-34819" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2022-51636" }, { "db": "VULMON", "id": "CVE-2022-34819" }, { "db": "CNNVD", "id": "CNNVD-202207-904" }, { "db": "NVD", "id": "CVE-2022-34819" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-15T00:00:00", "db": "CNVD", "id": "CNVD-2022-51636" }, { "date": "2022-07-12T00:00:00", "db": "VULMON", "id": "CVE-2022-34819" }, { "date": "2022-07-12T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-904" }, { "date": "2022-07-12T10:15:12.293000", "db": "NVD", "id": "CVE-2022-34819" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-07-15T00:00:00", "db": "CNVD", "id": "CNVD-2022-51636" }, { "date": "2023-03-14T00:00:00", "db": "VULMON", "id": "CVE-2022-34819" }, { "date": "2023-03-15T00:00:00", "db": "CNNVD", "id": "CNNVD-202207-904" }, { "date": "2023-03-14T10:15:21.217000", "db": "NVD", "id": "CVE-2022-34819" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-904" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens SIMATIC CP SRCS VPN Feature Buffer Overflow Vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2022-51636" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202207-904" } ], "trust": 0.6 } }
var-201705-3220
Vulnerability from variot
Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected. SIMATIC CP, SIMATIC RF600, SCALANCE W700, etc. are all industrial automation products from Siemens AG. A denial of service vulnerability exists in several industrial devices from Siemens. Multiple Siemens Products is prone to multiple denial-of-service vulnerabilities. Attackers can exploit these issues to cause a denial-of-service condition. Manual restart of the server is required to resume normal operation. SIEMENS SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std, CP 443-1 Adv (All versions before V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions before V2.1.82), SIMATIC CP 1243-1 IRC (All versions before V2.1.82), SIMATIC CP 1243-1 IEC (All versions), SIMATIC CP 1243-1 DNP3 (All versions), SIMATIC CM 1542-1 (All versions before V2.0), SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, and CP 1543SP-1 (All versions before to V1.0.15), SIMATIC CP 1543-1 (All versions before V2.1), SIMATIC RF650R, RF680R, RF685R (All versions before V3.0), SIMATIC CP 1616, CP 1604, DK-16xx PN IO (All versions before V2.7), SCALANCE X-200 (All versions before V5.2.2), SCALANCE X200 IRT (All versions before V5.4.0), SCALANCE X-300/X408 (All versions before V4.1.0), SCALANCE X414 (All versions before V3.10.2), SCALANCE XM400, XR500 (All versions before V6.1), SCALANCE W700 (All versions before V6.1), SCALANCE M-800, S615 (All versions before V04.03), Softnet PROFINET IO for PC-based Windows systems (All versions before V14 SP1), IE/PB-Link (All versions before V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions before V1.2.0), SITOP UPS1600 PROFINET (All versions before V2.2.0), SIMATIC ET 200AL (All versions before V1.0.2), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP (All versions before V4.0.1), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP (All versions before V4.1.0), SIMATIC PN/PN Coupler (All versions before V4.0), DK Standard Ethernet Controller (All versions before V4.1.1 Patch04), EK-ERTEC 200P PN IO (All versions before V4.4.0 Patch01), EK-ERTEC 200 PN IO (All versions before V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions before V2.3), SIMATIC S7-300 incl. F and T (All versions before V3.X.14), SIMATIC S7-400 PN/DP V6 Incl. F (All versions before V6.0.6), SIMATIC S7-400-H V6 (All versions before V6.0.7), SIMATIC S7-400 PN/DP V7 incl. F (All versions), SIMATIC S7-CPU 410 (All versions before V8.2), SIMATIC S7-1200 incl. F (All versions before V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions before V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions before V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft starter 3RW44 PN (All versions), SIRIUS Motor starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions), SINAMICS DCM (All versions before V1.4 SP1 HF5), SINAMICS DCP (All versions), SINAMICS G110M / G120(C/P/D) w. PN (All versions before V4.7 SP6 HF3), SINAMICS G130 and G150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S110 w. PN (All versions before V4.4 SP1 HF5), SINAMICS S120 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS V90 w. PN (All versions before V1.1), SIMOTION (All versions before V4.5 HF1), SINUMERIK 828D (All versions before V4.5 SP6 HF2 and V4.7 before SP6 HF8), SINUMERIK 840D sl (All versions before V4.5 SP6 HF8 and V4.7 before SP4 HF1), SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 - Ethernet) packet. Siemens SIMATIC S7-200 Smart, etc. Siemens SIMATIC S7-200 Smart is a programmable logic controller (PLC) used in small and medium-sized automation systems. Siemens SIMATIC CP 343-1 Advanced is an Ethernet communication module used to support PROFINET (a new generation of automation bus standard based on industrial Ethernet technology). SIRIUS Motor starter M200D PROFINET is a motor starter. The following products and versions are affected: Siemens Extension Unit 12\" PROFINET prior to V01.01.01; Extension Unit 15\" PROFINET prior to V01.01.01; Extension Unit 19\" PROFINET prior to V01.01.01; Extension Unit 22\" PROFINET SIMATIC CP 1242-7 GPRS V2 prior to V2.1.82; SIMATIC CP 1243-7 LTE/US prior to V2.1.82; SIMATIC CP 1243-8 prior to V2.1.82; SIMATIC CP 1626 V1.1 previous version
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3220", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "simatic dk-16xx pn io", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic rf685r", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic rf650r", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic rf680r", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic cp 1543sp-1", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic cp 1542sp-1 irc", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "simatic cp 1542sp-1", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "scalance xr500", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "scalance s615", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "scalance m-800", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "scalance xm400", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "scalance w700", "scope": null, "trust": 1.4, "vendor": "siemens", "version": null }, { "model": "sinamics gm150", "scope": "eq", "trust": 1.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics gh150", "scope": "eq", "trust": 1.3, "vendor": "siemens", "version": "4.7" }, { "model": "simatic dk-1604 pn io", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.7" }, { "model": "simatic cp 343-1 adv", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic tdc cp51m1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1.8" }, { "model": "simatic cp 1243-1 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1.82" }, { "model": "sinamics dcm", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.4" }, { "model": "sinamics g120\\ w. pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic cp 1543-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "sirius act 3su1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1.0" }, { "model": "simatic rf680r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic cp 1543sp-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0.15" }, { "model": "simatic et 200al", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0.2" }, { "model": "simatic cp 443-1 adv", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2.17" }, { "model": "scalance x414", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.10.2" }, { "model": "sinumerik 828d", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "sinumerik 840d sl", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "sinamics gl150", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "softnet profinet io", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "14" }, { "model": "simatic et 200pro", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "ek-ertec 200 pn io", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.2.1" }, { "model": "simatic cp 1243-1 dnp3", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance x300", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1.0" }, { "model": "scalance s615", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.03" }, { "model": "sinamics s110 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.4" }, { "model": "simatic s7-400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.0.6" }, { "model": "simatic et 200m", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "ups1600 profinet", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.2.0" }, { "model": "sinamics dcp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.2" }, { "model": "simotion", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "sinamics gm150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics dcm", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.4" }, { "model": "dk standard ethernet controller", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1.1" }, { "model": "sinamics s120", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics sl150", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics g110m", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic cp 1242-7 gprs", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1.82" }, { "model": "sinamics g130", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic cp 1542sp-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0.15" }, { "model": "extension unit 22 profinet", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "01.01.01" }, { "model": "scalance xr500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.1" }, { "model": "simatic s7-200 smart", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.3" }, { "model": "simatic et 200s", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cp 1243-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1.82" }, { "model": "sinamics sm120", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "ek-ertec 200p pn io", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.4.0" }, { "model": "simatic tdc cpu555", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1.1" }, { "model": "sinamics s110 pn", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.4" }, { "model": "simatic cp 1616", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.7" }, { "model": "sinamics s120", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics g150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "scalance w700", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.1" }, { "model": "sinamics gl150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics g110m", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sirius motor starter m200d profinet", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "softnet profinet io", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "14" }, { "model": "sinamics g130", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic cp 1243-7 lte\\/us", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1.82" }, { "model": "simatic et 200sp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1.0" }, { "model": "scalance xm400", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "6.1" }, { "model": "sirius soft starter 3rw44 pn", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic hmi multi panels", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic winac rtx", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "2010" }, { "model": "simocode pro v profinet", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.0.0" }, { "model": "sinamics gh150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic hmi mobile panels", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "simatic rf650r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "simatic teleservice adapter ie basic", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "ek-ertec 200 pn io", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2.1" }, { "model": "sinamics s150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic cp 1243-8", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1.82" }, { "model": "sinamics g150", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics sl150", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics sm120", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.8" }, { "model": "simatic cp 1626", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1" }, { "model": "simatic cp 343-1 lean", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.1.3" }, { "model": "ie\\/pb-link", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "scalance x200 irt", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.4.0" }, { "model": "pn\\/pn coupler", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.0" }, { "model": "simatic cp 1604", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.7" }, { "model": "simatic et 200ecopn", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "ek-ertec 200p pn io", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.4.0" }, { "model": "ie\\/as-i link pn io", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic rf685r", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0" }, { "model": "sinumerik 828d", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "sinamics g120\\ w. pn", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics v90 pn", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.01" }, { "model": "extension unit 19 profinet", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "01.01.01" }, { "model": "simatic cp 443-1 std", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.2.17" }, { "model": "simatic teleservice adapter ie standard", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinamics s150", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.7" }, { "model": "simatic s7-300", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": null }, { "model": "extension unit 15 profinet", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "01.01.01" }, { "model": "simatic s7-1500", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "simatic cp 1243-1 iec", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic dk-1616 pn io", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.7" }, { "model": "scalance x200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.2.2" }, { "model": "simatic s7-1200", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.2.1" }, { "model": "simatic cp 443-1 opc-ua", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "sinumerik 840d sl", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "simatic hmi comfort panels", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "15.1" }, { "model": "scalance m-800", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.03" }, { "model": "simatic cp 343-1 std", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.1.3" }, { "model": "simotion", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.5" }, { "model": "sinamics dcp", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "1.2" }, { "model": "scalance x408", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.1.0" }, { "model": "extension unit 12 profinet", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "01.01.01" }, { "model": "simatic s7-1500 software controller", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.1" }, { "model": "sitop psu8600", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.2.0" }, { "model": "dk standard ethernet controller", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "4.1.1" }, { "model": "simatic cp 1542sp-1 irc", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0.15" }, { "model": "simatic et 200mp", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "4.0.1" }, { "model": "simatic teleservice adapter ie advanced", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "simatic cm 1542-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2.0" }, { "model": "simatic winac rtx", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "2010" }, { "model": "dk standard ethernet controller", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "ek-ertec 200 pn io", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "ek-ertec 200p pn io", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "ie/as-i link pn io", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "ie/pb-link", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "pn/pn coupler", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance x200 irt", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance x200", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance x300", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance x408", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "scalance x414", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cm 1542-1", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 1243-1", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 1543-1", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 1604", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 1616", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 343-1 adv", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 343-1 lean", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 343-1 std", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 443-1 adv", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 443-1 opc-ua", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic cp 443-1 std", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200al", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200ecopn", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200m", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200mp", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200pro", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200s", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic et 200sp", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic hmi comfort panels", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic hmi mobile panels", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic hmi multi panels", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-1200", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500 software controller", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-1500", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-200 smart", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-300", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic s7-400", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic teleservice adapter ie advanced", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic teleservice adapter ie basic", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic teleservice adapter standard modem", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simatic winac rtx 2010", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simocode pro v profinet", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "simotion", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics dcm", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics dcp", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics g110m", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics g120 w. pn", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics g130", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics g150", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics s110 w. pn", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics s120", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics s150", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinamics v90 w. pn", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 828d", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sinumerik 840d sl", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sirius act 3su1 interface module profinet", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sirius motor starter m200d profinet", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sirius soft starter 3rw44 pn", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sitop psu8600", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "sitop ups1600 profinet", "scope": null, "trust": 0.8, "vendor": "siemens", "version": null }, { "model": "softnet profinet io", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "for pc-based windows systems firmware" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1616" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1604" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1543-1" }, { "model": "simatic cm", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1542-1" }, { "model": "simatic cp", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "1243-1" }, { "model": "simatic cp opc-ua", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1" }, { "model": "simatic cp adv", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1" }, { "model": "simatic cp std", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "443-1" }, { "model": "simatic cp std", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "343-1" }, { "model": "simatic cp lean", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "343-1" }, { "model": "simatic cp adv", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "343-1" }, { "model": "scalance", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "x408" }, { "model": "scalance", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "x414" }, { "model": "scalance irt", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "x200" }, { "model": "scalance", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "x200" }, { "model": "scalance", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": "x300" }, { "model": "simatic rf650r", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 443-1 opc-ua", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cm 1542-1", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 1542sp-1 irc", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 443-1 adv", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 343-1 std", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 1543-1", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 1543sp-1", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic cp 1542sp-1", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": "simatic rf680r", "scope": "eq", "trust": 0.6, "vendor": "siemens", "version": null }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "sinumerik 828d", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "sinumerik 840d sl", "version": "*" }, { "model": "ups1600 profinet", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "softnet profinet io", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sitop psu8600", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sirius soft starter 3rw44 pn", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sirius act 3su1", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sinumerik 840d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sinumerik 828d", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sinamics sm150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics sm120", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics sl150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7.5" }, { "model": "sinamics sl150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7.4" }, { "model": "sinamics sl150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics gl150", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simotion", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic winac rtx", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "20100" }, { "model": "simatic teleservice adapter standard modem", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic s7-400", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic s7-300", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic s7-200 smart", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic s7-1500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic rf685r", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic rf680r", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic rf650r", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic et", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "2000" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "443-10" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "343-10" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "16260" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "16160" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "16040" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1543-12.0.28" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1543-10" }, { "model": "simatic cp 1542sp-1", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "simatic cp irc", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1243-80" }, { "model": "simatic cp lte eu/us", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1243-70" }, { "model": "simatic cp", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1243-10" }, { "model": "simatic cp gprs", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1242-7v20" }, { "model": "scalance xr500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "scalance xm400", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "scalance", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "x4140" }, { "model": "scalance", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "x4084.0" }, { "model": "scalance", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "x4083.0" }, { "model": "scalance", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "x3000" }, { "model": "scalance irt", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "x2000" }, { "model": "scalance", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "x2000" }, { "model": "scalance w700 series", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.4" }, { "model": "scalance w700 series", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.5.4" }, { "model": "scalance s615", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "scalance m-800", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "4.02" }, { "model": "scalance m-800", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "ie/as-i link pn io", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "extension unit profinet", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "22?0" }, { "model": "extension unit profinet", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "19?0" }, { "model": "extension unit profinet", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "15?0" }, { "model": "extension unit profinet", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "12?0" }, { "model": "e/pb-link", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "sinumerik 840d sl", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinumerik 828d", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.7" }, { "model": "sinamics sm120 sp2", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics sl150 sp2", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics gm150 sp2", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics gl150 sp2", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "sinamics gh150 sp2", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "4.8" }, { "model": "simatic rf685r", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "3.0" }, { "model": "simatic rf680r", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "3.0" }, { "model": "simatic cp", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "16162.7" }, { "model": "simatic cp 1604d", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "2.7" }, { "model": "simatic cp irc", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1243-82.1.82" }, { "model": "simatic cp lte eu/us", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1243-72.1.82" }, { "model": "simatic cp gprs", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1242-7v22.1.82" }, { "model": "simatic rf650r", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "3.0" }, { "model": "simatic cp", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "443-13.2.17" }, { "model": "simatic cp", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "15431.2.1" }, { "model": "simatic cm1542", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1.2" }, { "model": "scalance w700", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "6.1" }, { "model": "extension unit profinet", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "22?1.1.1" }, { "model": "extension unit profinet", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "19?1.1.1" }, { "model": "extension unit profinet", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "15?1.1.1" }, { "model": "extension unit profinet", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "12?1.1.1" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 343 1 std", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1542sp 1 irc", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1543sp 1", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1543 1", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic rf650r", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic rf680r", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic rf685r", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1616", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1604", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic dk 16xx pn io", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x200", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 343 1 lean", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x200 irt", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x300", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x408", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance x414", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance xm400", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance xr500", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance w700", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance m 800", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "scalance s615", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "softnet profinet io", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 343 1 adv", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ie pb link", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ie as i link pn io", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic teleservice adapter standard modem", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic teleservice adapter ie basic modem", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic teleservice adapter ie advanced modem", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sitop psu8600", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ups1600 profinet", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200al", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200ecopn", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200m", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 443 1 std", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200mp", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200pro", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200s", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic et 200sp", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "pn pn coupler", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "dk standard ethernet controller", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ek ertec 200p pn io", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "ek ertec 200 pn io", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 200 smart", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 300", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 443 1 adv", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 400", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1200", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1500", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic s7 1500 controller", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic winac rtx 2010", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sirius act 3su1", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sirius soft starter 3rw44 pn", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sirius motor starter m200d profinet", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simocode pro v profinet", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics dcm", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 443 1 opc ua", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics dcp", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g110m", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g120 c p d w pn", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g130", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics g150", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics s110 w pn", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics s120", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics s150", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "sinamics v90 w pn", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simotion", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1243 1", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic hmi comfort panels", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic hmi multi panels", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic hmi mobile panels", "version": "*" }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cm 1542 1", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "simatic cp 1542sp 1", "version": null } ], "sources": [ { "db": "IVD", "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4" }, { "db": "CNVD", "id": "CNVD-2017-06151" }, { "db": "BID", "id": "98369" }, { "db": "JVNDB", "id": "JVNDB-2017-004134" }, { "db": "NVD", "id": "CVE-2017-2680" }, { "db": "CNNVD", "id": "CNNVD-201705-574" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_343-1_std_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.1.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_343-1_std:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_343-1_lean_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.1.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_343-1_lean:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_343-1_adv_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_343-1_adv:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_443-1_std_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_443-1_std:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_443-1_adv_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.2.17", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_443-1_adv:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_443-1_opc-ua_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_443-1_opc-ua:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.82", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cm_1542-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cm_1542-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.15", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1542sp-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1542sp-1_irc_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.15", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1542sp-1_irc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1543sp-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.15", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1543sp-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_rf650r_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_rf650r:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_rf680r_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_rf680r:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_rf685r_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_rf685r:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1616_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1616:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1604_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1604:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_dk-1616_pn_io_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_dk-1616_pn_io:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_x200_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.2.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_x200:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_x200_irt_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.4.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_x200_irt:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_x300_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_x300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_x408_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_x408:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_x414_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.10.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_x414:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_xm400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_xm400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_xr500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_xr500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_w700_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_w700:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_m-800_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.03", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_m-800:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.03", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:softnet_profinet_io_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:softnet_profinet_io_firmware:14:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:softnet_profinet_io:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ie\\/pb-link_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ie\\/pb-link:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ie\\/as-i_link_pn_io_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ie\\/as-i_link_pn_io:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_teleservice_adapter_ie_standard_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_teleservice_adapter_ie_standard:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_teleservice_adapter_ie_basic_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_teleservice_adapter_ie_basic:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_teleservice_adapter_ie_advanced_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_teleservice_adapter_ie_advanced_modem:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sitop_psu8600_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sitop_psu8600:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ups1600_profinet_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.2.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ups1600_profinet:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200al_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200al:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200ecopn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200ecopn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200m_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200mp_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.0.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200mp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200pro_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200pro:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200s_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_et_200sp_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_et_200sp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:pn\\/pn_coupler_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:pn\\/pn_coupler:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.1.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:dk_standard_ethernet_controller_firmware:4.1.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:dk_standard_ethernet_controller:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ek-ertec_200p_pn_io_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:ek-ertec_200p_pn_io_firmware:4.4.0:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ek-ertec_200p_pn_io:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ek-ertec_200_pn_io_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:ek-ertec_200_pn_io_firmware:4.2.1:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ek-ertec_200_pn_io:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-200_smart_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-200_smart:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-300_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-300:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-400_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.0.6", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1200_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.2.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1200:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1500_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_s7-1500_software_controller_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_s7-1500_software_controller:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2010", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:simatic_winac_rtx_firmware:2010:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_winac_rtx:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sirius_act_3su1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sirius_act_3su1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sirius_soft_starter_3rw44_pn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sirius_soft_starter_3rw44_pn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sirius_motor_starter_m200d_profinet_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sirius_motor_starter_m200d_profinet:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simocode_pro_v_profinet_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simocode_pro_v_profinet:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcm_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcm_firmware:1.4:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcm_firmware:1.4:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_dcm:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcp_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_dcp_firmware:1.2:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_dcp:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g110m_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g110m_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_g110m:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g120\\(c\\/p\\/d\\)_w._pn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g120\\(c\\/p\\/d\\)_w._pn_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_g120\\(c\\/p\\/d\\)_w._pn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g130_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g130_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_g130:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_g150_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_g150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics__s110_pn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics__s110_pn_firmware:4.4:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:_s110_pn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s120_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s120_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_s120:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_s150_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_s150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_v90_pn_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.01", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_v90_pn:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simotion_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:simotion_firmware:4.5:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simotion:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_828d_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_828d_firmware:4.5:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_828d:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinumerik_840d_sl_firmware:4.5:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinumerik_840d_sl:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_comfort_panels:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_comfort_panels:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_multi_panels:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_multi_panels:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_hmi_mobile_panels:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "15.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_hmi_mobile_panels:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-1_irc_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.82", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-1_irc:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-1_iec_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-1_iec:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-1_dnp3_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-1_dnp3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_dk-1604_pn_io_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.7", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_dk-1604_pn_io:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_tdc_cpu555_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_tdc_cpu555:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_tdc_cp51m1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1.8", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_tdc_cp51m1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_gh150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_gh150_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_gh150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_gl150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_gl150_firmware:4.8:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_gl150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_gm150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_gm150_firmware:4.7:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_gm150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_sl150_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_sl150_firmware:4.8:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_sl150:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_sm120_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "4.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:siemens:sinamics_sm120_firmware:4.8:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:sinamics_sm120:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:extension_unit_12_profinet_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "01.01.01", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:extension_unit_12_profinet:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:extension_unit_15_profinet_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "01.01.01", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:extension_unit_15_profinet:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:extension_unit_19_profinet_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "01.01.01", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:extension_unit_19_profinet:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:extension_unit_22_profinet_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "01.01.01", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:extension_unit_22_profinet:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1242-7_gprs_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.82", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1242-7_gprs:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-7_lte\\/us_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.82", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-7_lte\\/us:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1243-8_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.1.82", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1243-8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1626_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1626:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2017-2680" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Duan JinTong, Ma ShaoShuai, and Cheng Lei from NSFOCUS Security Team.", "sources": [ { "db": "BID", "id": "98369" } ], "trust": 0.3 }, "cve": "CVE-2017-2680", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "impactScore": 6.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Adjacent Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 6.1, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2017-2680", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "id": "CNVD-2017-06151", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "exploitabilityScore": 6.5, "id": "VHN-110883", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Adjacent Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2017-2680", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2017-2680", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2017-06151", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201705-574", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-110883", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4" }, { "db": "CNVD", "id": "CNVD-2017-06151" }, { "db": "VULHUB", "id": "VHN-110883" }, { "db": "JVNDB", "id": "JVNDB-2017-004134" }, { "db": "NVD", "id": "CVE-2017-2680" }, { "db": "CNNVD", "id": "CNNVD-201705-574" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Specially crafted PROFINET DCP broadcast packets could cause a denial of service condition of affected products on a local Ethernet segment (Layer 2). Human interaction is required to recover the systems. PROFIBUS interfaces are not affected. SIMATIC CP, SIMATIC RF600, SCALANCE W700, etc. are all industrial automation products from Siemens AG. A denial of service vulnerability exists in several industrial devices from Siemens. Multiple Siemens Products is prone to multiple denial-of-service vulnerabilities. \nAttackers can exploit these issues to cause a denial-of-service condition. Manual restart of the server is required to resume normal operation. SIEMENS SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP 343-1 Adv (All versions), SIMATIC CP 443-1 Std, CP 443-1 Adv (All versions before V3.2.17), SIMATIC CP 443-1 OPC-UA (All versions), SIMATIC CP 1243-1 (All versions before V2.1.82), SIMATIC CP 1243-1 IRC (All versions before V2.1.82), SIMATIC CP 1243-1 IEC (All versions), SIMATIC CP 1243-1 DNP3 (All versions), SIMATIC CM 1542-1 (All versions before V2.0), SIMATIC CP 1542SP-1, CP 1542SP-1 IRC, and CP 1543SP-1 (All versions before to V1.0.15), SIMATIC CP 1543-1 (All versions before V2.1), SIMATIC RF650R, RF680R, RF685R (All versions before V3.0), SIMATIC CP 1616, CP 1604, DK-16xx PN IO (All versions before V2.7), SCALANCE X-200 (All versions before V5.2.2), SCALANCE X200 IRT (All versions before V5.4.0), SCALANCE X-300/X408 (All versions before V4.1.0), SCALANCE X414 (All versions before V3.10.2), SCALANCE XM400, XR500 (All versions before V6.1), SCALANCE W700 (All versions before V6.1), SCALANCE M-800, S615 (All versions before V04.03), Softnet PROFINET IO for PC-based Windows systems (All versions before V14 SP1), IE/PB-Link (All versions before V3.0), IE/AS-i Link PN IO (All versions), SIMATIC Teleservice Adapter Standard Modem, IE Basic, IE Advanced (All versions), SITOP PSU8600 PROFINET (All versions before V1.2.0), SITOP UPS1600 PROFINET (All versions before V2.2.0), SIMATIC ET 200AL (All versions before V1.0.2), SIMATIC ET 200ecoPN (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP (All versions before V4.0.1), SIMATIC ET 200pro (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP (All versions before V4.1.0), SIMATIC PN/PN Coupler (All versions before V4.0), DK Standard Ethernet Controller (All versions before V4.1.1 Patch04), EK-ERTEC 200P PN IO (All versions before V4.4.0 Patch01), EK-ERTEC 200 PN IO (All versions before V4.2.1 Patch03), SIMATIC S7-200 SMART (All versions before V2.3), SIMATIC S7-300 incl. F and T (All versions before V3.X.14), SIMATIC S7-400 PN/DP V6 Incl. F (All versions before V6.0.6), SIMATIC S7-400-H V6 (All versions before V6.0.7), SIMATIC S7-400 PN/DP V7 incl. F (All versions), SIMATIC S7-CPU 410 (All versions before V8.2), SIMATIC S7-1200 incl. F (All versions before V4.2.1), SIMATIC S7-1500 incl. F, T, and TF (All versions before V2.1), SIMATIC S7-1500 Software Controller incl. F (All versions before V2.1), SIMATIC WinAC RTX 2010 incl. F (All versions), SIRIUS ACT 3SU1 interface module PROFINET (All versions), SIRIUS Soft starter 3RW44 PN (All versions), SIRIUS Motor starter M200D PROFINET (All versions), SIMOCODE pro V PROFINET (All versions), SINAMICS DCM (All versions before V1.4 SP1 HF5), SINAMICS DCP (All versions), SINAMICS G110M / G120(C/P/D) w. PN (All versions before V4.7 SP6 HF3), SINAMICS G130 and G150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S110 w. PN (All versions before V4.4 SP1 HF5), SINAMICS S120 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS S150 (All versions before V4.7 HF27 and V4.8 before HF4), SINAMICS V90 w. PN (All versions before V1.1), SIMOTION (All versions before V4.5 HF1), SINUMERIK 828D (All versions before V4.5 SP6 HF2 and V4.7 before SP6 HF8), SINUMERIK 840D sl (All versions before V4.5 SP6 HF8 and V4.7 before SP4 HF1), SIMATIC HMI Comfort Panels, HMI Multi Panels, HMI Mobile Panels (All versions) could be affected by a Denial-of-Service condition induced by a specially crafted PROFINET DCP broadcast (Layer 2 - Ethernet) packet. Siemens SIMATIC S7-200 Smart, etc. Siemens SIMATIC S7-200 Smart is a programmable logic controller (PLC) used in small and medium-sized automation systems. Siemens SIMATIC CP 343-1 Advanced is an Ethernet communication module used to support PROFINET (a new generation of automation bus standard based on industrial Ethernet technology). SIRIUS Motor starter M200D PROFINET is a motor starter. The following products and versions are affected: Siemens Extension Unit 12\\\" PROFINET prior to V01.01.01; Extension Unit 15\\\" PROFINET prior to V01.01.01; Extension Unit 19\\\" PROFINET prior to V01.01.01; Extension Unit 22\\\" PROFINET SIMATIC CP 1242-7 GPRS V2 prior to V2.1.82; SIMATIC CP 1243-7 LTE/US prior to V2.1.82; SIMATIC CP 1243-8 prior to V2.1.82; SIMATIC CP 1626 V1.1 previous version", "sources": [ { "db": "NVD", "id": "CVE-2017-2680" }, { "db": "JVNDB", "id": "JVNDB-2017-004134" }, { "db": "CNVD", "id": "CNVD-2017-06151" }, { "db": "BID", "id": "98369" }, { "db": "IVD", "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4" }, { "db": "VULHUB", "id": "VHN-110883" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2017-2680", "trust": 3.6 }, { "db": "ICS CERT", "id": "ICSA-18-023-02", "trust": 2.8 }, { "db": "SIEMENS", "id": "SSA-293562", "trust": 2.6 }, { "db": "SIEMENS", "id": "SSA-284673", "trust": 2.0 }, { "db": "BID", "id": "98369", "trust": 2.0 }, { "db": "SIEMENS", "id": "SSA-546832", "trust": 1.7 }, { "db": "SECTRACK", "id": "1038463", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-17-129-02", "trust": 1.7 }, { "db": "CNNVD", "id": "CNNVD-201705-574", "trust": 0.9 }, { "db": "CNVD", "id": "CNVD-2017-06151", "trust": 0.8 }, { "db": "ICS CERT", "id": "ICSA-18-128-01", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-004134", "trust": 0.8 }, { "db": "IVD", "id": "296C9514-B30D-4FA5-BCDC-9D8B2E9620C4", "trust": 0.2 }, { "db": "SEEBUG", "id": "SSVID-99023", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-110883", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4" }, { "db": "CNVD", "id": "CNVD-2017-06151" }, { "db": "VULHUB", "id": "VHN-110883" }, { "db": "BID", "id": "98369" }, { "db": "JVNDB", "id": "JVNDB-2017-004134" }, { "db": "NVD", "id": "CVE-2017-2680" }, { "db": "CNNVD", "id": "CNNVD-201705-574" } ] }, "id": "VAR-201705-3220", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4" }, { "db": "CNVD", "id": "CNVD-2017-06151" }, { "db": "VULHUB", "id": "VHN-110883" } ], "trust": 1.5351787667924528 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 0.8 } ], "sources": [ { "db": "IVD", "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4" }, { "db": "CNVD", "id": "CNVD-2017-06151" } ] }, "last_update_date": "2023-12-18T12:51:14.128000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-293562", "trust": 0.8, "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf" }, { "title": "Patch for a number of Siemens products with a denial of service vulnerability (CNVD-2017-06151)", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/93364" }, { "title": "Multiple Siemens Product security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70052" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-06151" }, { "db": "JVNDB", "id": "JVNDB-2017-004134" }, { "db": "CNNVD", "id": "CNNVD-201705-574" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.0 }, { "problemtype": "CWE-20", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-110883" }, { "db": "JVNDB", "id": "JVNDB-2017-004134" }, { "db": "NVD", "id": "CVE-2017-2680" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-023-02" }, { "trust": 2.0, "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-284673.pdf" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/98369" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-293562.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-546832.pdf" }, { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-284673.pdf" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id/1038463" }, { "trust": 1.1, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-129-02" }, { "trust": 0.9, "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-293562.pdf" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2680" }, { "trust": 0.8, "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-128-01" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2680" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-17-129-02" }, { "trust": 0.3, "url": "http://subscriber.communications.siemens.com/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2017-06151" }, { "db": "VULHUB", "id": "VHN-110883" }, { "db": "BID", "id": "98369" }, { "db": "JVNDB", "id": "JVNDB-2017-004134" }, { "db": "NVD", "id": "CVE-2017-2680" }, { "db": "CNNVD", "id": "CNNVD-201705-574" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4" }, { "db": "CNVD", "id": "CNVD-2017-06151" }, { "db": "VULHUB", "id": "VHN-110883" }, { "db": "BID", "id": "98369" }, { "db": "JVNDB", "id": "JVNDB-2017-004134" }, { "db": "NVD", "id": "CVE-2017-2680" }, { "db": "CNNVD", "id": "CNNVD-201705-574" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-05-09T00:00:00", "db": "IVD", "id": "296c9514-b30d-4fa5-bcdc-9d8b2e9620c4" }, { "date": "2017-05-09T00:00:00", "db": "CNVD", "id": "CNVD-2017-06151" }, { "date": "2017-05-11T00:00:00", "db": "VULHUB", "id": "VHN-110883" }, { "date": "2017-05-08T00:00:00", "db": "BID", "id": "98369" }, { "date": "2017-06-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-004134" }, { "date": "2017-05-11T01:29:05.400000", "db": "NVD", "id": "CVE-2017-2680" }, { "date": "2017-05-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201705-574" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-05-09T00:00:00", "db": "CNVD", "id": "CNVD-2017-06151" }, { "date": "2020-09-29T00:00:00", "db": "VULHUB", "id": "VHN-110883" }, { "date": "2018-05-09T14:00:00", "db": "BID", "id": "98369" }, { "date": "2018-05-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-004134" }, { "date": "2022-04-12T18:29:01.937000", "db": "NVD", "id": "CVE-2017-2680" }, { "date": "2022-02-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201705-574" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201705-574" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Siemens Service disruption in products (DoS) Vulnerabilities", "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-004134" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "resource management error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201705-574" } ], "trust": 0.6 } }
var-202108-2222
Vulnerability from variot
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate. A security issue has been found in curl before version 7.78.0. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: rh-dotnet31-curl security update Advisory ID: RHSA-2022:1354-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:1354 Issue date: 2022-04-13 CVE Names: CVE-2021-22876 CVE-2021-22924 CVE-2021-22946 CVE-2021-22947 ==================================================================== 1. Summary:
An update for rh-dotnet31-curl is now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Security Fix(es):
-
curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)
-
curl: Bad connection reuse due to flawed path name checks (CVE-2021-22924)
-
curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols (CVE-2021-22946)
-
curl: Server responses received before STARTTLS processed after TLS handshake (CVE-2021-22947)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer 1981460 - CVE-2021-22924 curl: Bad connection reuse due to flawed path name checks 2003175 - CVE-2021-22946 curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols 2003191 - CVE-2021-22947 curl: Server responses received before STARTTLS processed after TLS handshake
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm
x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm
x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet31-curl-7.61.1-22.el7_9.src.rpm
x86_64: rh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm rh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22924 https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYlb3SNzjgjWX9erEAQgpXg/5AT2Nh6ff5mqlZ7dY4dfRgIFgwWOFbvsL 7SHL2ScZJGC2ArXHw9ZpL6XqOZlNm6LGy3V9py4CTEt3lSOl1i3NG4LBKjA7tnea C0l327UhJZqwg1NtZzuhfJTjngxY+09PKNF9X9ULfISZAU0LJlA32VsY/Aw3r2Pu tPx+v+xFKHov+lCT9M75Y7gd0O1McWRwnLF+9E8sVYfkkWp/KMEg4BiuiIax+5lD 9Cs7sgYGct1wDMC+aXbcgM06vCY8nKTwyD67yuFjL+wbHnjcO12Kle9AIzPLQpjU LvzQRqE5/KNhH1BC0jLJwRmFuRH4q/JP8+PRK7/9ABLIl10uj37z9XKpqRj5eBKe tof7/1Fq1DIhDQXoU2TB6SdWwAW/GgLb0tQf1F9KUfgJ+PUQGZED7JzB/jjBZqEy Rh2zDbM8hpCyTBA1bZb/34NyuGG2fypXYkbAda61bWAmn/oV4+P7tV+rGVdQP9GA rlvFPm3sEvT5qHe2pI0du5+Y0yB1PjPMmwYKBlNmhuNFbKgH6dLv8KlKMcbJvu4T dA7yKkZyyxux8W1Reyp0Wzh2wJE5aQfbZm9rzVDJ896AIlO+UzqHXH4XWoFQV1Rz Foj7yKfAJAS/fumVMGd5Z2rpzf8bVjiPltQi+qXFgdyfqpkLxzSKj1tFtWxFW8P4 04zDwrF/odg=o6o+ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Bugs fixed (https://bugzilla.redhat.com/):
2007489 - RHACM 2.1.12 images 2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets 2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request 2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser 2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure 2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams 2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack 2011020 - CVE-2021-41099 redis: Integer overflow issue with strings
-
8) - aarch64, ppc64le, s390x, x86_64
-
Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Summary:
The Migration Toolkit for Containers (MTC) 1.6.0 is now available. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):
1878824 - Web console is not accessible when deployed on OpenShift cluster on IBM Cloud 1887526 - "Stage" pods fail when migrating from classic OpenShift source cluster on IBM Cloud with block storage 1899562 - MigMigration custom resource does not display an error message when a migration fails because of volume mount error 1936886 - Service account token of existing remote cluster cannot be updated by using the web console 1936894 - "Ready" status of MigHook and MigPlan custom resources is not synchronized automatically 1949117 - "Migration plan resources" page displays a permanent error message when a migration plan is deleted from the backend 1951869 - MigPlan custom resource does not detect invalid source cluster reference 1968621 - Paused deployment config causes a migration to hang 1970338 - Parallel migrations fail because the initial backup is missing 1974737 - Migration plan name length in the "Migration plan" wizard is not validated 1975369 - "Debug view" link text on "Migration plans" page can be improved 1975372 - Destination namespace in MigPlan custom resource is not validated 1976895 - Namespace mapping cannot be changed using the Migration Plan wizard 1981810 - "Excluded" resources are not excluded from the migration 1982026 - Direct image migration fails if the source URI contains a double slash ("//") 1994985 - Web console crashes when a MigPlan custom resource is created with an empty namespaces list 1996169 - When "None" is selected as the target storage class in the web console, the setting is ignored and the default storage class is used 1996627 - MigPlan custom resource displays a "PvUsageAnalysisFailed" warning after a successful PVC migration 1996784 - "Migration resources" tree on the "Migration details" page is not displayed 1996902 - "Select all" checkbox on the "Namespaces" page of the "Migration plan" wizard remains selected after a namespace is unselected 1996904 - "Migration" dialogs on the "Migration plans" page display inconsistent capitalization 1996906 - "Migration details" page link is displayed for a migration plan with no associated migrations 1996938 - Search function on "Migration plans" page displays no results 1997051 - Indirect migration from MTC 1.5.1 to 1.6.0 fails during "StageBackup" phase 1997127 - Direct volume migration "retry" feature does not work correctly after a network failure 1997173 - Migration of custom resource definitions to OpenShift Container Platform 4.9 fails because of API version incompatibility 1997180 - "migration-log-reader" pod does not log invalid Rsync options 1997665 - Selected PVCs in the "State migration" dialog are reset because of background polling 1997694 - "Update operator" link on the "Clusters" page is incorrect 1997827 - "Migration plan" wizard displays PVC names incorrectly formatted after running state migration 1998062 - Rsync pod uses upstream image 1998283 - "Migration step details" link on the "Migrations" page does not work 1998550 - "Migration plan" wizard does not support certain screen resolutions 1998581 - "Migration details" link on "Migration plans" page displays "latestIsFailed" error 1999113 - "oc describe" and "oc log" commands on "Migration resources" tree cannot be copied after failed migration 1999381 - MigPlan custom resource displays "Stage completed with warnings" status after successful migration 1999528 - Position of the "Add migration plan" button is different from the other "Add" buttons 1999765 - "Migrate" button on "State migration" dialog is enabled when no PVCs are selected 1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function 2000205 - "Options" menu on the "Migration details" page displays incorrect items 2000218 - Validation incorrectly blocks namespace mapping if a source cluster namespace is the same as the destination namespace 2000243 - "Migration plan" wizard does not allow a migration within the same cluster 2000644 - Invalid migration plan causes "controller" pod to crash 2000875 - State migration status on "Migrations" page displays "Stage succeeded" message 2000979 - "clusterIPs" parameter of "service" object can cause Velero errors 2001089 - Direct volume migration fails because of missing CA path configuration 2001173 - Migration plan requires two clusters 2001786 - Migration fails during "Stage Backup" step because volume path on host not found 2001829 - Migration does not complete when the namespace contains a cron job with a PVC 2001941 - Fixing PVC conflicts in state migration plan using the web console causes the migration to run twice 2002420 - "Stage" pod not created for completed application pod, causing the "mig-controller" to stall 2002608 - Migration of unmounted PVC fails during "StageBackup" phase 2002897 - Rollback migration does not complete when the namespace contains a cron job 2003603 - "View logs" dialog displays the "--selector" option, which does not print all logs 2004601 - Migration plan status on "Migration plans" page is "Ready" after migration completed with warnings 2004923 - Web console displays "New operator version available" notification for incorrect operator 2005143 - Combining Rsync and Stunnel in a single pod can degrade performance 2006316 - Web console cannot create migration plan in a proxy environment 2007175 - Web console cannot be launched in a proxy environment
- JIRA issues fixed (https://issues.jboss.org/):
MIG-785 - Search for "Crane" in the Operator Hub should display the Migration Toolkit for Containers
- Summary:
Red Hat Advanced Cluster Management for Kubernetes 2.1.11 General Availability release images, which provide a security fix and update the container images. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.1.11 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
This advisory contains updates to one or more container images for Red Hat Advanced Cluster Management for Kubernetes.
Container updates:
-
RHACM 2.1.11 images (BZ# 1999375)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. To apply this upgrade, you must upgrade your OpenShift Container Platform version to 4.6, or later. Bugs fixed (https://bugzilla.redhat.com/):
1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name 1999375 - RHACM 2.1.11 images
- Description:
Quay 3.6.0 release
Security Fix(es):
-
nodejs-url-parse: incorrect hostname in url parsing (CVE-2018-3774)
-
python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c (CVE-2021-25289)
-
nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27516)
-
nodejs-debug: Regular expression Denial of Service (CVE-2017-16137)
-
nodejs-mime: Regular expression Denial of Service (CVE-2017-16138)
-
nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format (CVE-2018-1107)
-
nodejs-extend: Prototype pollution can allow attackers to modify object properties (CVE-2018-16492)
-
nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure (CVE-2018-21270)
-
nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution (CVE-2019-20920)
-
nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS (CVE-2019-20922)
-
nodejs-lodash: prototype pollution in zipObjectDeep function (CVE-2020-8203)
-
nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)
-
nodejs-highlight-js: prototype pollution via a crafted HTML code block (CVE-2020-26237)
-
urijs: Hostname spoofing via backslashes in URL (CVE-2020-26291)
-
python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow (CVE-2020-35654)
-
browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364)
-
nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368)
-
nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382)
-
python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c (CVE-2021-25290)
-
python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c (CVE-2021-25291)
-
python-pillow: backtracking regex in PDF parser could be used as a DOS attack (CVE-2021-25292)
-
python-pillow: out-of-bounds read in SGIRleDecode.c (CVE-2021-25293)
-
nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise (CVE-2021-27515)
-
python-pillow: reported size of a contained image is not properly checked for a BLP container (CVE-2021-27921)
-
python-pillow: reported size of a contained image is not properly checked for an ICNS container (CVE-2021-27922)
-
python-pillow: reported size of a contained image is not properly checked for an ICO container (CVE-2021-27923)
-
python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function (CVE-2021-34552)
-
nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js (CVE-2018-1109)
-
lodash: Prototype pollution in utilities function (CVE-2018-3721)
-
hoek: Prototype pollution in utilities function (CVE-2018-3728)
-
lodash: uncontrolled resource consumption in Data handler causing denial of service (CVE-2019-1010266)
-
nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)
-
python-pillow: decoding a crafted PCX file could result in buffer over-read (CVE-2020-35653)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1500700 - CVE-2017-16138 nodejs-mime: Regular expression Denial of Service 1500705 - CVE-2017-16137 nodejs-debug: Regular expression Denial of Service 1545884 - CVE-2018-3721 lodash: Prototype pollution in utilities function 1545893 - CVE-2018-3728 hoek: Prototype pollution in utilities function 1546357 - CVE-2018-1107 nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format 1547272 - CVE-2018-1109 nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js 1608140 - CVE-2018-16492 nodejs-extend: Prototype pollution can allow attackers to modify object properties 1743096 - CVE-2019-1010266 lodash: uncontrolled resource consumption in Data handler causing denial of service 1840004 - CVE-2020-7608 nodejs-yargs-parser: prototype pollution vulnerability 1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function 1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function 1882256 - CVE-2019-20922 nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS 1882260 - CVE-2019-20920 nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution 1901662 - CVE-2020-26237 nodejs-highlight-js: prototype pollution via a crafted HTML code block 1915257 - CVE-2020-26291 urijs: Hostname spoofing via backslashes in URL 1915420 - CVE-2020-35653 python-pillow: decoding a crafted PCX file could result in buffer over-read 1915424 - CVE-2020-35654 python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow 1927293 - CVE-2018-21270 nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure 1934470 - CVE-2021-27516 nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise 1934474 - CVE-2021-27515 nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise 1934680 - CVE-2021-25289 python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c 1934685 - CVE-2021-25290 python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c 1934692 - CVE-2021-25291 python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c 1934699 - CVE-2021-25292 python-pillow: backtracking regex in PDF parser could be used as a DOS attack 1934705 - CVE-2021-25293 python-pillow: out-of-bounds read in SGIRleDecode.c 1935384 - CVE-2021-27921 python-pillow: reported size of a contained image is not properly checked for a BLP container 1935396 - CVE-2021-27922 python-pillow: reported size of a contained image is not properly checked for an ICNS container 1935401 - CVE-2021-27923 python-pillow: reported size of a contained image is not properly checked for an ICO container 1940759 - CVE-2018-3774 nodejs-url-parse: incorrect hostname in url parsing 1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing 1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js 1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) 1982378 - CVE-2021-34552 python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function
- JIRA issues fixed (https://issues.jboss.org/):
PROJQUAY-1417 - zstd compressed layers PROJQUAY-1449 - As a Quay admin I want to rely on the Operator to auto-scale all stateless parts of Quay PROJQUAY-1535 - As a user I can create and use nested repository name structures PROJQUAY-1583 - add "disconnected" annotation to operators PROJQUAY-1609 - Operator communicates status per managed component PROJQUAY-1610 - Operator does not make Quay deployment wait on Clair deployment PROJQUAY-1791 - v1beta CRD EOL PROJQUAY-1883 - Support OCP Re-encrypt routes PROJQUAY-1887 - allow either sha or tag in related images PROJQUAY-1926 - As an admin, I want an API to create first user, so I can automate deployment. PROJQUAY-1998 - note database deprecations in 3.6 Config Tool PROJQUAY-2050 - Support OCP Edge-Termination PROJQUAY-2100 - A customer can update the Operator from 3.3 to 3.6 directly PROJQUAY-2102 - add clair-4.2 enrichment data to quay UI PROJQUAY-672 - MutatingAdmissionWebhook Created Automatically for QBO During Install
- Bugs fixed (https://bugzilla.redhat.com/):
1858777 - Alert for VM with 'evictionStrategy: LiveMigrate' for local PVs set 1891921 - virt-launcher is missing /usr/share/zoneinfo directory, making it impossible to set clock offset of timezone type for the guest RTC 1896469 - In cluster with OVN Kubernetes networking - a node doesn't recover when configuring linux-bridge over its default NIC 1903687 - [scale] 1K DV creation failed 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1933043 - Delete VM just after it turns into "running" is very likely to hit grace period end 1935219 - [CNV-2.5] Set memory and CPU request on hco-operator and hco-webhook deployments 1942726 - test automatic bug creation for a new release 1943164 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed 1945589 - Live migration with virtiofs is possible 1953481 - New OCP priority classes are not used - Deploy 1953483 - New OCP priority classes are not used - SSP 1953484 - New OCP priority classes are not used - Storage 1955129 - Failed to bindmount hotplug-disk for hostpath-provisioner 1957852 - Could not start VM as restore snapshot was still not Complete 1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header 1963963 - hco.kubevirt.io:config-reader role and rolebinding are not strictly reconciled 1965050 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount 1973852 - Introduce VM crashloop backoff 1976604 - [CNV-5786] IP connectivity is lost after migration (masquerade) 1976730 - Disk is not usable due to incorrect size for proper alignment 1979631 - virt-chroot: container disk validation crash prevents VMI from starting/migrating 1979659 - 4.9.0 containers 1981345 - 4.9.0 rpms 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1985083 - VMI Pod fails to terminate due to a zombie qemu process 1985649 - virt-handler Pod is missing xorrisofs command 1985670 - virt-launcher fails to create v1 controller cpu for group: Read-only file system 1985719 - Unprivileged client fails to get guest agent data 1989176 - kube-cni-linux-bridge-plugin Pod is missing bridge CNI plugin 1989263 - VM Snapshot may freeze guest indefinitely 1989269 - Online VM Snapshot storing incorrect VM spec 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents 1991691 - Enable DownwardMetrics FeatureGate via HCO CR 1992608 - kubevirt doesn't respect useEmulation: true 1993121 - Rhel9 templates - provider-url should be updated to https://www.redhat.com/ 1994389 - Some of the cdi resources missing app labels 1995295 - SCC annotation of ssp-operator was changed to privileged 1996407 - [cdi-functional-tests] cdi-docker-registry-host Pod fails to start 1997014 - Common templates - dataVolumeTemplates API version should be updated 1998054 - RHEL9 template - update template description. 1998656 - no "name" label in ssp-operator pod 1999571 - NFS clone not progressing when clone sizes mismatch (target > source) 1999617 - Unable to create a VM with nonroot VirtLauncher Pods 1999835 - ConsoleCLIDownload | wrong path in virtctl archive URL 2000052 - NNCP creation failures after nmstate-handler pod deletion 2000204 - [4.9.0] [RFE] volumeSnapshotStatuses reason does not check for volume type that do not support snapshots 2001041 - [4.9.0] Importer attempts to shrink an image in certain situations 2001047 - Automatic size detection may not request a PVC that is large enough for an import 2003473 - Failed to Migrate Windows VM with CDROM (readonly) 2005695 - With descheduler during multiple VMIs migrations, some VMs are restarted 2006418 - Clone Strategy does not work as described 2008900 - Eviction of not live migratable VMs due to virt-launcher upgrade can happen outside the upgrade window 2010742 - [CNV-4.9] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13 2011179 - Cluster-wide live migration limits and timeouts are not suitable 2017394 - After upgrade, live migration is Pending 2018521 - [Storage] Failed to restore VirtualMachineSnapshot after CNV upgrade
- These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack.
For the stable distribution (bullseye), these problems have been fixed in version 7.74.0-1.3+deb11u2.
We recommend that you upgrade your curl packages.
For the detailed security status of curl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/curl
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K i8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD waofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp rXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz Uao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE yIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab SPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF REStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R 1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt TV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38 EPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA= =3E71 -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202108-2222", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "scalance m876-4", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "7.1" }, { "model": "universal forwarder", "scope": "eq", "trust": 1.0, "vendor": "splunk", "version": "9.1.0" }, { "model": "cloud backup", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "universal forwarder", "scope": "gte", "trust": 1.0, "vendor": "splunk", "version": "8.2.0" }, { "model": "simatic rtu3030c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.0.14" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.59" }, { "model": "sinec infrastructure network services", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.0.1.1" }, { "model": "scalance m874-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "7.1" }, { "model": "libcurl", "scope": "gte", "trust": 1.0, "vendor": "haxx", "version": "7.10.4" }, { "model": "simatic rtu3031c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.0.14" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "simatic rtu 3041c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.0.14" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.57" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "33" }, { "model": "ruggedcomrm 1224 lte", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "7.1" }, { "model": "simatic rtu3010c", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "5.0.14" }, { "model": "mysql server", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "5.7.0" }, { "model": "solidfire baseboard management controller", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "scalance m812-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "7.1" }, { "model": "scalance m876-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "7.1" }, { "model": "mysql server", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.0.26" }, { "model": "solidfire \\\u0026 hci management node", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "clustered data ontap", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "siplus net cp 1543-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.22" }, { "model": "scalance m826-2", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "7.1" }, { "model": "universal forwarder", "scope": "gte", "trust": 1.0, "vendor": "splunk", "version": "9.0.0" }, { "model": "scalance mum856-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "7.1" }, { "model": "sinema remote connect", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "logo\\! cmr2040", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "scalance m874-3", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "7.1" }, { "model": "universal forwarder", "scope": "lt", "trust": 1.0, "vendor": "splunk", "version": "9.0.6" }, { "model": "scalance s615", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "7.1" }, { "model": "sinema remote connect server", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.1" }, { "model": "peoplesoft enterprise peopletools", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.58" }, { "model": "simatic cp 1543-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "3.0.22" }, { "model": "logo\\! cmr2020", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "*" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "11.0" }, { "model": "scalance m816-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "7.1" }, { "model": "mysql server", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "mysql server", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "5.7.36" }, { "model": "libcurl", "scope": "lt", "trust": 1.0, "vendor": "haxx", "version": "7.77.0" }, { "model": "scalance m804pb", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "7.1" }, { "model": "universal forwarder", "scope": "lt", "trust": 1.0, "vendor": "splunk", "version": "8.2.12" }, { "model": "simatic cp 1545-1", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "1.1" } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22924" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.77.0", "versionStartIncluding": "7.10.4", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:solidfire_\\\u0026_hci_management_node:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.0.26", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.7.36", "versionStartIncluding": "5.7.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.0.1.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.1", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:logo\\!_cmr2040_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:logo\\!_cmr2040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:logo\\!_cmr2020_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:logo\\!_cmr2020:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:ruggedcomrm_1224_lte_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:ruggedcomrm_1224_lte:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_m804pb_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_m804pb:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_m812-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_m812-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_m816-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_m816-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_m826-2_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_m826-2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_m874-2_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_m874-2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_m874-3_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_m874-3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_m876-3_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_m876-3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_m876-4_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_m876-4:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_mum856-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_mum856-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1543-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.22", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1543-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_cp_1545-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_cp_1545-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_rtu3010c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.0.14", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_rtu3010c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_rtu3030c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.0.14", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_rtu3030c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_rtu3031c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.0.14", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_rtu3031c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:simatic_rtu_3041c_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.0.14", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:simatic_rtu_3041c:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:sinema_remote_connect:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.1", "vulnerable": true } ], "operator": "OR" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:siemens:siplus_net_cp_1543-1_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.0.22", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:siemens:siplus_net_cp_1543-1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.0.6", "versionStartIncluding": "9.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.2.12", "versionStartIncluding": "8.2.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-22924" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "164523" }, { "db": "PACKETSTORM", "id": "166714" }, { "db": "PACKETSTORM", "id": "164583" }, { "db": "PACKETSTORM", "id": "164221" }, { "db": "PACKETSTORM", "id": "164342" }, { "db": "PACKETSTORM", "id": "164282" }, { "db": "PACKETSTORM", "id": "164555" }, { "db": "PACKETSTORM", "id": "164755" } ], "trust": 0.8 }, "cve": "CVE-2021-22924", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-381398", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "exploitabilityScore": 2.2, "impactScore": 1.4, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-22924", "trust": 1.0, "value": "LOW" }, { "author": "VULHUB", "id": "VHN-381398", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-381398" }, { "db": "NVD", "id": "CVE-2021-22924" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take \u0027issuercert\u0027 into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can setto qualify how to verify the server certificate. A security issue has been found in curl before version 7.78.0. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can set to qualify how to verify the server certificate. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: rh-dotnet31-curl security update\nAdvisory ID: RHSA-2022:1354-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:1354\nIssue date: 2022-04-13\nCVE Names: CVE-2021-22876 CVE-2021-22924 CVE-2021-22946\n CVE-2021-22947\n====================================================================\n1. Summary:\n\nAn update for rh-dotnet31-curl is now available for .NET Core on Red Hat\nEnterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements a subset of the\n.NET framework APIs and several new APIs, and it includes a CLR\nimplementation. \n\nSecurity Fix(es):\n\n* curl: Leak of authentication credentials in URL via automatic Referer\n(CVE-2021-22876)\n\n* curl: Bad connection reuse due to flawed path name checks\n(CVE-2021-22924)\n\n* curl: Requirement to use TLS not properly enforced for IMAP, POP3, and\nFTP protocols (CVE-2021-22946)\n\n* curl: Server responses received before STARTTLS processed after TLS\nhandshake (CVE-2021-22947)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1941964 - CVE-2021-22876 curl: Leak of authentication credentials in URL via automatic Referer\n1981460 - CVE-2021-22924 curl: Bad connection reuse due to flawed path name checks\n2003175 - CVE-2021-22946 curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols\n2003191 - CVE-2021-22947 curl: Server responses received before STARTTLS processed after TLS handshake\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet31-curl-7.61.1-22.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet31-curl-7.61.1-22.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet31-curl-7.61.1-22.el7_9.src.rpm\n\nx86_64:\nrh-dotnet31-curl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-curl-debuginfo-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-7.61.1-22.el7_9.x86_64.rpm\nrh-dotnet31-libcurl-devel-7.61.1-22.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-22876\nhttps://access.redhat.com/security/cve/CVE-2021-22924\nhttps://access.redhat.com/security/cve/CVE-2021-22946\nhttps://access.redhat.com/security/cve/CVE-2021-22947\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYlb3SNzjgjWX9erEAQgpXg/5AT2Nh6ff5mqlZ7dY4dfRgIFgwWOFbvsL\n7SHL2ScZJGC2ArXHw9ZpL6XqOZlNm6LGy3V9py4CTEt3lSOl1i3NG4LBKjA7tnea\nC0l327UhJZqwg1NtZzuhfJTjngxY+09PKNF9X9ULfISZAU0LJlA32VsY/Aw3r2Pu\ntPx+v+xFKHov+lCT9M75Y7gd0O1McWRwnLF+9E8sVYfkkWp/KMEg4BiuiIax+5lD\n9Cs7sgYGct1wDMC+aXbcgM06vCY8nKTwyD67yuFjL+wbHnjcO12Kle9AIzPLQpjU\nLvzQRqE5/KNhH1BC0jLJwRmFuRH4q/JP8+PRK7/9ABLIl10uj37z9XKpqRj5eBKe\ntof7/1Fq1DIhDQXoU2TB6SdWwAW/GgLb0tQf1F9KUfgJ+PUQGZED7JzB/jjBZqEy\nRh2zDbM8hpCyTBA1bZb/34NyuGG2fypXYkbAda61bWAmn/oV4+P7tV+rGVdQP9GA\nrlvFPm3sEvT5qHe2pI0du5+Y0yB1PjPMmwYKBlNmhuNFbKgH6dLv8KlKMcbJvu4T\ndA7yKkZyyxux8W1Reyp0Wzh2wJE5aQfbZm9rzVDJ896AIlO+UzqHXH4XWoFQV1Rz\nFoj7yKfAJAS/fumVMGd5Z2rpzf8bVjiPltQi+qXFgdyfqpkLxzSKj1tFtWxFW8P4\n04zDwrF/odg=o6o+\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Bugs fixed (https://bugzilla.redhat.com/):\n\n2007489 - RHACM 2.1.12 images\n2010991 - CVE-2021-32687 redis: Integer overflow issue with intsets\n2011000 - CVE-2021-32675 redis: Denial of service via Redis Standard Protocol (RESP) request\n2011001 - CVE-2021-32672 redis: Out of bounds read in lua debugger protocol parser\n2011004 - CVE-2021-32628 redis: Integer overflow bug in the ziplist data structure\n2011010 - CVE-2021-32627 redis: Integer overflow issue with Streams\n2011017 - CVE-2021-32626 redis: Lua scripts can overflow the heap-based Lua stack\n2011020 - CVE-2021-41099 redis: Integer overflow issue with strings\n\n5. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. Summary:\n\nThe Migration Toolkit for Containers (MTC) 1.6.0 is now available. Description:\n\nThe Migration Toolkit for Containers (MTC) enables you to migrate\nKubernetes resources, persistent volume data, and internal container images\nbetween OpenShift Container Platform clusters, using the MTC web console or\nthe Kubernetes API. Bugs fixed (https://bugzilla.redhat.com/):\n\n1878824 - Web console is not accessible when deployed on OpenShift cluster on IBM Cloud\n1887526 - \"Stage\" pods fail when migrating from classic OpenShift source cluster on IBM Cloud with block storage\n1899562 - MigMigration custom resource does not display an error message when a migration fails because of volume mount error\n1936886 - Service account token of existing remote cluster cannot be updated by using the web console\n1936894 - \"Ready\" status of MigHook and MigPlan custom resources is not synchronized automatically\n1949117 - \"Migration plan resources\" page displays a permanent error message when a migration plan is deleted from the backend\n1951869 - MigPlan custom resource does not detect invalid source cluster reference\n1968621 - Paused deployment config causes a migration to hang\n1970338 - Parallel migrations fail because the initial backup is missing\n1974737 - Migration plan name length in the \"Migration plan\" wizard is not validated\n1975369 - \"Debug view\" link text on \"Migration plans\" page can be improved\n1975372 - Destination namespace in MigPlan custom resource is not validated\n1976895 - Namespace mapping cannot be changed using the Migration Plan wizard\n1981810 - \"Excluded\" resources are not excluded from the migration\n1982026 - Direct image migration fails if the source URI contains a double slash (\"//\")\n1994985 - Web console crashes when a MigPlan custom resource is created with an empty namespaces list\n1996169 - When \"None\" is selected as the target storage class in the web console, the setting is ignored and the default storage class is used\n1996627 - MigPlan custom resource displays a \"PvUsageAnalysisFailed\" warning after a successful PVC migration\n1996784 - \"Migration resources\" tree on the \"Migration details\" page is not displayed\n1996902 - \"Select all\" checkbox on the \"Namespaces\" page of the \"Migration plan\" wizard remains selected after a namespace is unselected\n1996904 - \"Migration\" dialogs on the \"Migration plans\" page display inconsistent capitalization\n1996906 - \"Migration details\" page link is displayed for a migration plan with no associated migrations\n1996938 - Search function on \"Migration plans\" page displays no results\n1997051 - Indirect migration from MTC 1.5.1 to 1.6.0 fails during \"StageBackup\" phase\n1997127 - Direct volume migration \"retry\" feature does not work correctly after a network failure\n1997173 - Migration of custom resource definitions to OpenShift Container Platform 4.9 fails because of API version incompatibility\n1997180 - \"migration-log-reader\" pod does not log invalid Rsync options\n1997665 - Selected PVCs in the \"State migration\" dialog are reset because of background polling\n1997694 - \"Update operator\" link on the \"Clusters\" page is incorrect\n1997827 - \"Migration plan\" wizard displays PVC names incorrectly formatted after running state migration\n1998062 - Rsync pod uses upstream image\n1998283 - \"Migration step details\" link on the \"Migrations\" page does not work\n1998550 - \"Migration plan\" wizard does not support certain screen resolutions\n1998581 - \"Migration details\" link on \"Migration plans\" page displays \"latestIsFailed\" error\n1999113 - \"oc describe\" and \"oc log\" commands on \"Migration resources\" tree cannot be copied after failed migration\n1999381 - MigPlan custom resource displays \"Stage completed with warnings\" status after successful migration\n1999528 - Position of the \"Add migration plan\" button is different from the other \"Add\" buttons\n1999765 - \"Migrate\" button on \"State migration\" dialog is enabled when no PVCs are selected\n1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function\n2000205 - \"Options\" menu on the \"Migration details\" page displays incorrect items\n2000218 - Validation incorrectly blocks namespace mapping if a source cluster namespace is the same as the destination namespace\n2000243 - \"Migration plan\" wizard does not allow a migration within the same cluster\n2000644 - Invalid migration plan causes \"controller\" pod to crash\n2000875 - State migration status on \"Migrations\" page displays \"Stage succeeded\" message\n2000979 - \"clusterIPs\" parameter of \"service\" object can cause Velero errors\n2001089 - Direct volume migration fails because of missing CA path configuration\n2001173 - Migration plan requires two clusters\n2001786 - Migration fails during \"Stage Backup\" step because volume path on host not found\n2001829 - Migration does not complete when the namespace contains a cron job with a PVC\n2001941 - Fixing PVC conflicts in state migration plan using the web console causes the migration to run twice\n2002420 - \"Stage\" pod not created for completed application pod, causing the \"mig-controller\" to stall\n2002608 - Migration of unmounted PVC fails during \"StageBackup\" phase\n2002897 - Rollback migration does not complete when the namespace contains a cron job\n2003603 - \"View logs\" dialog displays the \"--selector\" option, which does not print all logs\n2004601 - Migration plan status on \"Migration plans\" page is \"Ready\" after migration completed with warnings\n2004923 - Web console displays \"New operator version available\" notification for incorrect operator\n2005143 - Combining Rsync and Stunnel in a single pod can degrade performance\n2006316 - Web console cannot create migration plan in a proxy environment\n2007175 - Web console cannot be launched in a proxy environment\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nMIG-785 - Search for \"Crane\" in the Operator Hub should display the Migration Toolkit for Containers\n\n6. Summary:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.1.11 General\nAvailability release images, which provide a security fix and update the\ncontainer images. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.1.11 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nThis advisory contains updates to one or more container images for Red Hat\nAdvanced Cluster Management for Kubernetes. \n\nContainer updates:\n\n* RHACM 2.1.11 images (BZ# 1999375)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. To apply this upgrade,\nyou \nmust upgrade your OpenShift Container Platform version to 4.6, or later. Bugs fixed (https://bugzilla.redhat.com/):\n\n1963121 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name\n1999375 - RHACM 2.1.11 images\n\n5. Description:\n\nQuay 3.6.0 release\n\nSecurity Fix(es):\n\n* nodejs-url-parse: incorrect hostname in url parsing (CVE-2018-3774)\n\n* python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error\nchecking in TiffDecode.c (CVE-2021-25289)\n\n* nodejs-urijs: mishandling certain uses of backslash may lead to\nconfidentiality compromise (CVE-2021-27516)\n\n* nodejs-debug: Regular expression Denial of Service (CVE-2017-16137)\n\n* nodejs-mime: Regular expression Denial of Service (CVE-2017-16138)\n\n* nodejs-is-my-json-valid: ReDoS when validating JSON fields with email\nformat (CVE-2018-1107)\n\n* nodejs-extend: Prototype pollution can allow attackers to modify object\nproperties (CVE-2018-16492)\n\n* nodejs-stringstream: out-of-bounds read leading to uninitialized memory\nexposure (CVE-2018-21270)\n\n* nodejs-handlebars: lookup helper fails to properly validate templates\nallowing for arbitrary JavaScript execution (CVE-2019-20920)\n\n* nodejs-handlebars: an endless loop while processing specially-crafted\ntemplates leads to DoS (CVE-2019-20922)\n\n* nodejs-lodash: prototype pollution in zipObjectDeep function\n(CVE-2020-8203)\n\n* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate\nfunction (CVE-2020-15366)\n\n* nodejs-highlight-js: prototype pollution via a crafted HTML code block\n(CVE-2020-26237)\n\n* urijs: Hostname spoofing via backslashes in URL (CVE-2020-26291)\n\n* python-pillow: decoding crafted YCbCr files could result in heap-based\nbuffer overflow (CVE-2020-35654)\n\n* browserslist: parsing of invalid queries could result in Regular\nExpression Denial of Service (ReDoS) (CVE-2021-23364)\n\n* nodejs-postcss: Regular expression denial of service during source map\nparsing (CVE-2021-23368)\n\n* nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in\nlib/previous-map.js (CVE-2021-23382)\n\n* python-pillow: negative-offset memcpy with an invalid size in\nTiffDecode.c (CVE-2021-25290)\n\n* python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c\n(CVE-2021-25291)\n\n* python-pillow: backtracking regex in PDF parser could be used as a DOS\nattack (CVE-2021-25292)\n\n* python-pillow: out-of-bounds read in SGIRleDecode.c (CVE-2021-25293)\n\n* nodejs-url-parse: mishandling certain uses of backslash may lead to\nconfidentiality compromise (CVE-2021-27515)\n\n* python-pillow: reported size of a contained image is not properly checked\nfor a BLP container (CVE-2021-27921)\n\n* python-pillow: reported size of a contained image is not properly checked\nfor an ICNS container (CVE-2021-27922)\n\n* python-pillow: reported size of a contained image is not properly checked\nfor an ICO container (CVE-2021-27923)\n\n* python-pillow: buffer overflow in Convert.c because it allow an attacker\nto pass controlled parameters directly into a convert function\n(CVE-2021-34552)\n\n* nodejs-braces: Regular Expression Denial of Service (ReDoS) in\nlib/parsers.js (CVE-2018-1109)\n\n* lodash: Prototype pollution in utilities function (CVE-2018-3721)\n\n* hoek: Prototype pollution in utilities function (CVE-2018-3728)\n\n* lodash: uncontrolled resource consumption in Data handler causing denial\nof service (CVE-2019-1010266)\n\n* nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)\n\n* python-pillow: decoding a crafted PCX file could result in buffer\nover-read (CVE-2020-35653)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1500700 - CVE-2017-16138 nodejs-mime: Regular expression Denial of Service\n1500705 - CVE-2017-16137 nodejs-debug: Regular expression Denial of Service\n1545884 - CVE-2018-3721 lodash: Prototype pollution in utilities function\n1545893 - CVE-2018-3728 hoek: Prototype pollution in utilities function\n1546357 - CVE-2018-1107 nodejs-is-my-json-valid: ReDoS when validating JSON fields with email format\n1547272 - CVE-2018-1109 nodejs-braces: Regular Expression Denial of Service (ReDoS) in lib/parsers.js\n1608140 - CVE-2018-16492 nodejs-extend: Prototype pollution can allow attackers to modify object properties\n1743096 - CVE-2019-1010266 lodash: uncontrolled resource consumption in Data handler causing denial of service\n1840004 - CVE-2020-7608 nodejs-yargs-parser: prototype pollution vulnerability\n1857412 - CVE-2020-8203 nodejs-lodash: prototype pollution in zipObjectDeep function\n1857977 - CVE-2020-15366 nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function\n1882256 - CVE-2019-20922 nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS\n1882260 - CVE-2019-20920 nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution\n1901662 - CVE-2020-26237 nodejs-highlight-js: prototype pollution via a crafted HTML code block\n1915257 - CVE-2020-26291 urijs: Hostname spoofing via backslashes in URL\n1915420 - CVE-2020-35653 python-pillow: decoding a crafted PCX file could result in buffer over-read\n1915424 - CVE-2020-35654 python-pillow: decoding crafted YCbCr files could result in heap-based buffer overflow\n1927293 - CVE-2018-21270 nodejs-stringstream: out-of-bounds read leading to uninitialized memory exposure\n1934470 - CVE-2021-27516 nodejs-urijs: mishandling certain uses of backslash may lead to confidentiality compromise\n1934474 - CVE-2021-27515 nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise\n1934680 - CVE-2021-25289 python-pillow: insufficent fix for CVE-2020-35654 due to incorrect error checking in TiffDecode.c\n1934685 - CVE-2021-25290 python-pillow: negative-offset memcpy with an invalid size in TiffDecode.c\n1934692 - CVE-2021-25291 python-pillow: out-of-bounds read in TiffReadRGBATile in TiffDecode.c\n1934699 - CVE-2021-25292 python-pillow: backtracking regex in PDF parser could be used as a DOS attack\n1934705 - CVE-2021-25293 python-pillow: out-of-bounds read in SGIRleDecode.c\n1935384 - CVE-2021-27921 python-pillow: reported size of a contained image is not properly checked for a BLP container\n1935396 - CVE-2021-27922 python-pillow: reported size of a contained image is not properly checked for an ICNS container\n1935401 - CVE-2021-27923 python-pillow: reported size of a contained image is not properly checked for an ICO container\n1940759 - CVE-2018-3774 nodejs-url-parse: incorrect hostname in url parsing\n1948763 - CVE-2021-23368 nodejs-postcss: Regular expression denial of service during source map parsing\n1954150 - CVE-2021-23382 nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js\n1955619 - CVE-2021-23364 browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS)\n1982378 - CVE-2021-34552 python-pillow: buffer overflow in Convert.c because it allow an attacker to pass controlled parameters directly into a convert function\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nPROJQUAY-1417 - zstd compressed layers\nPROJQUAY-1449 - As a Quay admin I want to rely on the Operator to auto-scale all stateless parts of Quay\nPROJQUAY-1535 - As a user I can create and use nested repository name structures\nPROJQUAY-1583 - add \"disconnected\" annotation to operators\nPROJQUAY-1609 - Operator communicates status per managed component\nPROJQUAY-1610 - Operator does not make Quay deployment wait on Clair deployment\nPROJQUAY-1791 - v1beta CRD EOL\nPROJQUAY-1883 - Support OCP Re-encrypt routes\nPROJQUAY-1887 - allow either sha or tag in related images\nPROJQUAY-1926 - As an admin, I want an API to create first user, so I can automate deployment. \nPROJQUAY-1998 - note database deprecations in 3.6 Config Tool\nPROJQUAY-2050 - Support OCP Edge-Termination\nPROJQUAY-2100 - A customer can update the Operator from 3.3 to 3.6 directly\nPROJQUAY-2102 - add clair-4.2 enrichment data to quay UI\nPROJQUAY-672 - MutatingAdmissionWebhook Created Automatically for QBO During Install\n\n6. Bugs fixed (https://bugzilla.redhat.com/):\n\n1858777 - Alert for VM with \u0027evictionStrategy: LiveMigrate\u0027 for local PVs set\n1891921 - virt-launcher is missing /usr/share/zoneinfo directory, making it impossible to set clock offset of timezone type for the guest RTC\n1896469 - In cluster with OVN Kubernetes networking - a node doesn\u0027t recover when configuring linux-bridge over its default NIC\n1903687 - [scale] 1K DV creation failed\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1933043 - Delete VM just after it turns into \"running\" is very likely to hit grace period end\n1935219 - [CNV-2.5] Set memory and CPU request on hco-operator and hco-webhook deployments\n1942726 - test automatic bug creation for a new release\n1943164 - Node drain: Sometimes source virt-launcher pod status is Failed and not Completed\n1945589 - Live migration with virtiofs is possible\n1953481 - New OCP priority classes are not used - Deploy\n1953483 - New OCP priority classes are not used - SSP\n1953484 - New OCP priority classes are not used - Storage\n1955129 - Failed to bindmount hotplug-disk for hostpath-provisioner\n1957852 - Could not start VM as restore snapshot was still not Complete\n1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header\n1963963 - hco.kubevirt.io:config-reader role and rolebinding are not strictly reconciled\n1965050 - RoleBinding and ClusterRoleBinding brought in by kubevirt does not get reconciled when kind is ServiceAccount\n1973852 - Introduce VM crashloop backoff\n1976604 - [CNV-5786] IP connectivity is lost after migration (masquerade)\n1976730 - Disk is not usable due to incorrect size for proper alignment\n1979631 - virt-chroot: container disk validation crash prevents VMI from starting/migrating\n1979659 - 4.9.0 containers\n1981345 - 4.9.0 rpms\n1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic\n1985083 - VMI Pod fails to terminate due to a zombie qemu process\n1985649 - virt-handler Pod is missing xorrisofs command\n1985670 - virt-launcher fails to create v1 controller cpu for group: Read-only file system\n1985719 - Unprivileged client fails to get guest agent data\n1989176 - kube-cni-linux-bridge-plugin Pod is missing bridge CNI plugin\n1989263 - VM Snapshot may freeze guest indefinitely\n1989269 - Online VM Snapshot storing incorrect VM spec\n1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names\n1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty\n1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents\n1991691 - Enable DownwardMetrics FeatureGate via HCO CR\n1992608 - kubevirt doesn\u0027t respect useEmulation: true\n1993121 - Rhel9 templates - provider-url should be updated to https://www.redhat.com/\n1994389 - Some of the cdi resources missing app labels\n1995295 - SCC annotation of ssp-operator was changed to privileged\n1996407 - [cdi-functional-tests] cdi-docker-registry-host Pod fails to start\n1997014 - Common templates - dataVolumeTemplates API version should be updated\n1998054 - RHEL9 template - update template description. \n1998656 - no \"name\" label in ssp-operator pod\n1999571 - NFS clone not progressing when clone sizes mismatch (target \u003e source)\n1999617 - Unable to create a VM with nonroot VirtLauncher Pods\n1999835 - ConsoleCLIDownload | wrong path in virtctl archive URL\n2000052 - NNCP creation failures after nmstate-handler pod deletion\n2000204 - [4.9.0] [RFE] volumeSnapshotStatuses reason does not check for volume type that do not support snapshots\n2001041 - [4.9.0] Importer attempts to shrink an image in certain situations\n2001047 - Automatic size detection may not request a PVC that is large enough for an import\n2003473 - Failed to Migrate Windows VM with CDROM (readonly)\n2005695 - With descheduler during multiple VMIs migrations, some VMs are restarted\n2006418 - Clone Strategy does not work as described\n2008900 - Eviction of not live migratable VMs due to virt-launcher upgrade can happen outside the upgrade window\n2010742 - [CNV-4.9] VMI is in LiveMigrate loop when Upgrading Cluster from 2.6.7/4.7.32 to OCP 4.8.13\n2011179 - Cluster-wide live migration limits and timeouts are not suitable\n2017394 - After upgrade, live migration is Pending\n2018521 - [Storage] Failed to restore VirtualMachineSnapshot after CNV upgrade\n\n5. These flaws may allow remote attackers to obtain sensitive\ninformation, leak authentication or cookie header data or facilitate a\ndenial of service attack. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 7.74.0-1.3+deb11u2. \n\nWe recommend that you upgrade your curl packages. \n\nFor the detailed security status of curl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/curl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmLoBaNfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD\nRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7\nUeTf9A//VWkco2gxCMMe8JDcL9sLD0B5L8KGRxbPBYmpE1l2kCpiW9QGVwCN3q2K\ni8xo0jmRxSwSXDmAE17aTtGT66vU8vQSHewty031TcvWKBoAJpKRTbazfdOy/vDD\nwaofTEaUClFt3NNiR3gigRU6OFV/9MWlUWwCJ/Wgd5osJTQCyWV/iHz3FJluc1Gp\nrXamYLnWGUJbIZgMFEo7TqIyb91P0PrX4hpnCcnhvY4ci5NWOj2qaoWGhgF+f9gz\nUao91GTOnuTyoY3apKzifdO5dih9zJttnRKUgHkn9YCGxanljoPjHRYOavWdN6bE\nyIpT/Xw2dy05Fzydb73bDurQP+mkyWGZA+S8gxtbY7S7OylRS9iHSfyUpAVEM/Ab\nSPkGQl6vBKr7dmyHkdIlbViste6kcmhQQete9E3tM18MkyK0NbBiUj+pShNPC+SF\nREStal14ZE+DSwFKp5UA8izEh0G5RC5VUVhB/jtoxym2rvmIamk5YqCS1rupGP9R\n1Y+Jm8CywBrKHl5EzAVUswC5xDAArWdXRvrgHCeElnkwuCwRC8AgRiYFFRulWKwt\nTV5qveehnzSc2z5IDc/tdiPWNJhJu/blNN8BauG8zmJV4ZhZP9EO1FCLE7DpqQ38\nEPtUTMXaMQR1W15He51auBQwJgSiX1II+5jh6PeZTKBKnJgLYNA=\n=3E71\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2021-22924" }, { "db": "VULHUB", "id": "VHN-381398" }, { "db": "VULMON", "id": "CVE-2021-22924" }, { "db": "PACKETSTORM", "id": "164523" }, { "db": "PACKETSTORM", "id": "166714" }, { "db": "PACKETSTORM", "id": "164583" }, { "db": "PACKETSTORM", "id": "164221" }, { "db": "PACKETSTORM", "id": "164342" }, { "db": "PACKETSTORM", "id": "164282" }, { "db": "PACKETSTORM", "id": "164555" }, { "db": "PACKETSTORM", "id": "164755" }, { "db": "PACKETSTORM", "id": "169318" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-22924", "trust": 2.1 }, { "db": "SIEMENS", "id": "SSA-732250", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-484086", "trust": 1.1 }, { "db": "SIEMENS", "id": "SSA-389290", "trust": 1.1 }, { "db": "HACKERONE", "id": "1223565", "trust": 1.1 }, { "db": "PACKETSTORM", "id": "164755", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "164583", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "165008", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "164948", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-381398", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-22924", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "164523", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "166714", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "164221", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "164342", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "164282", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "164555", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "169318", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381398" }, { "db": "VULMON", "id": "CVE-2021-22924" }, { "db": "PACKETSTORM", "id": "164523" }, { "db": "PACKETSTORM", "id": "166714" }, { "db": "PACKETSTORM", "id": "164583" }, { "db": "PACKETSTORM", "id": "164221" }, { "db": "PACKETSTORM", "id": "164342" }, { "db": "PACKETSTORM", "id": "164282" }, { "db": "PACKETSTORM", "id": "164555" }, { "db": "PACKETSTORM", "id": "164755" }, { "db": "PACKETSTORM", "id": "169318" }, { "db": "NVD", "id": "CVE-2021-22924" } ] }, "id": "VAR-202108-2222", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-381398" } ], "trust": 0.7818182 }, "last_update_date": "2024-07-23T19:37:05.808000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2021-22924 log" }, { "title": "Arch Linux Advisories: [ASA-202107-61] libcurl-compat: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202107-61" }, { "title": "Arch Linux Advisories: [ASA-202107-60] lib32-curl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202107-60" }, { "title": "Arch Linux Advisories: [ASA-202107-64] lib32-libcurl-gnutls: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202107-64" }, { "title": "Arch Linux Advisories: [ASA-202107-62] lib32-libcurl-compat: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202107-62" }, { "title": "Arch Linux Advisories: [ASA-202107-63] libcurl-gnutls: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202107-63" }, { "title": "Arch Linux Advisories: [ASA-202107-59] curl: multiple issues", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-202107-59" } ], "sources": [ { "db": "VULMON", "id": "CVE-2021-22924" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-706", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-381398" }, { "db": "NVD", "id": "CVE-2021-22924" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf" }, { "trust": 1.1, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20210902-0003/" }, { "trust": 1.1, "url": "https://www.debian.org/security/2022/dsa-5197" }, { "trust": 1.1, "url": "https://hackerone.com/reports/1223565" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.1, "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html" }, { "trust": 1.1, "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cdev.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc%40%3cusers.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cdev.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7%40%3cusers.kafka.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22924" }, { "trust": 0.8, "url": "https://access.redhat.com/security/cve/cve-2021-22924" }, { "trust": 0.8, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.8, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.8, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22922" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22923" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2021-22922" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2021-22923" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2021-36222" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2021-37750" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37750" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-36222" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3653" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2021-3653" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.4, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.3, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-32626" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-32687" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32626" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-41099" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32675" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23017" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-32675" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-41099" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32627" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32687" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32628" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32672" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-23017" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-32627" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-32672" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-32628" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22946" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22947" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37576" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-37576" }, { "trust": 0.2, "url": "https://issues.jboss.org/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-25648" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25648" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/frucw2uvnyudzf72dqlfqr4pjec6cf7v/" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cdev.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cdev.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3cusers.kafka.apache.org%3e" }, { "trust": 0.1, "url": "https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3cusers.kafka.apache.org%3e" }, { "trust": 0.1, "url": "http://seclists.org/oss-sec/2021/q3/26" }, { "trust": 0.1, "url": "https://security.archlinux.org/cve-2021-22924" }, { "trust": 0.1, "url": "https://security.archlinux.org/asa-202107-61" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23434" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3873" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23434" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22947" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22946" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22876" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2022:1354" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22876" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22543" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22543" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3656" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3949" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23841" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3656" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23841" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23840" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2016-4658" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-4658" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3582" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.8/migration_toolkit_for_con" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-38201" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-38201" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3694" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3749" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3749" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27777" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-29154" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31535" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3653" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-32399" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29650" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27777" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-29154" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-32399" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-29650" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22555" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-31535" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-22555" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27922" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1109" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7608" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26237" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-21270" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-25292" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-26237" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-25289" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20920" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3728" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-34552" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35653" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-25289" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35654" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1109" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3721" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23368" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8203" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1107" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3774" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-7608" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16137" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8203" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-21270" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23382" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-26291" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15366" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-25291" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-16492" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27921" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3774" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20920" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27515" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20922" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-1010266" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35654" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27923" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-25290" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23364" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16492" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1010266" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20922" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1107" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:3917" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-26291" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35653" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-23382" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-16138" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-3728" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-3721" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15366" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27516" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16138" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-16137" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-25293" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23364" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23368" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33195" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3121" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33197" }, { "trust": 0.1, "url": "https://www.redhat.com/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:4104" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33195" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3121" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-33198" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33198" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-31525" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-34558" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-33197" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-31525" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-34558" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27782" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27775" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22898" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27774" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27781" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-27776" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/curl" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2022-22576" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22945" } ], "sources": [ { "db": "VULHUB", "id": "VHN-381398" }, { "db": "VULMON", "id": "CVE-2021-22924" }, { "db": "PACKETSTORM", "id": "164523" }, { "db": "PACKETSTORM", "id": "166714" }, { "db": "PACKETSTORM", "id": "164583" }, { "db": "PACKETSTORM", "id": "164221" }, { "db": "PACKETSTORM", "id": "164342" }, { "db": "PACKETSTORM", "id": "164282" }, { "db": "PACKETSTORM", "id": "164555" }, { "db": "PACKETSTORM", "id": "164755" }, { "db": "PACKETSTORM", "id": "169318" }, { "db": "NVD", "id": "CVE-2021-22924" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-381398" }, { "db": "VULMON", "id": "CVE-2021-22924" }, { "db": "PACKETSTORM", "id": "164523" }, { "db": "PACKETSTORM", "id": "166714" }, { "db": "PACKETSTORM", "id": "164583" }, { "db": "PACKETSTORM", "id": "164221" }, { "db": "PACKETSTORM", "id": "164342" }, { "db": "PACKETSTORM", "id": "164282" }, { "db": "PACKETSTORM", "id": "164555" }, { "db": "PACKETSTORM", "id": "164755" }, { "db": "PACKETSTORM", "id": "169318" }, { "db": "NVD", "id": "CVE-2021-22924" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-08-05T00:00:00", "db": "VULHUB", "id": "VHN-381398" }, { "date": "2021-10-15T15:06:44", "db": "PACKETSTORM", "id": "164523" }, { "date": "2022-04-13T22:20:44", "db": "PACKETSTORM", "id": "166714" }, { "date": "2021-10-21T15:31:47", "db": "PACKETSTORM", "id": "164583" }, { "date": "2021-09-21T15:40:44", "db": "PACKETSTORM", "id": "164221" }, { "date": "2021-09-30T16:27:16", "db": "PACKETSTORM", "id": "164342" }, { "date": "2021-09-24T15:49:04", "db": "PACKETSTORM", "id": "164282" }, { "date": "2021-10-19T15:32:20", "db": "PACKETSTORM", "id": "164555" }, { "date": "2021-11-03T17:47:45", "db": "PACKETSTORM", "id": "164755" }, { "date": "2022-08-28T19:12:00", "db": "PACKETSTORM", "id": "169318" }, { "date": "2021-08-05T21:15:11.380000", "db": "NVD", "id": "CVE-2021-22924" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-10-28T00:00:00", "db": "VULHUB", "id": "VHN-381398" }, { "date": "2024-03-27T15:11:45.923000", "db": "NVD", "id": "CVE-2021-22924" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "169318" } ], "trust": 0.1 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat Security Advisory 2021-3873-01", "sources": [ { "db": "PACKETSTORM", "id": "164523" } ], "trust": 0.1 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "overflow", "sources": [ { "db": "PACKETSTORM", "id": "164523" }, { "db": "PACKETSTORM", "id": "164583" } ], "trust": 0.2 } }