Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities by rittal
VAR-201910-1187
Vulnerability from variot - Updated: 2023-12-18 13:28Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning the cooling unit on and off and setting the temperature set point, can be modified without authentication. Carel pCOWeb Firmware is vulnerable to a lack of authentication for critical functions.Information may be tampered with. Rittal Chiller SK 3232-Series is a liquid cooling device from Rittal
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-1187",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pcoweb",
"scope": "gte",
"trust": 1.0,
"vendor": "carel",
"version": "a1.5.3"
},
{
"model": "pcoweb",
"scope": "lte",
"trust": 1.0,
"vendor": "carel",
"version": "b1.2.4"
},
{
"model": "pcoweb card",
"scope": null,
"trust": 0.8,
"vendor": "carel industries s p a",
"version": null
},
{
"model": "chiller sk 3232-series",
"scope": null,
"trust": 0.6,
"vendor": "rittal",
"version": null
},
{
"model": "pcoweb",
"scope": "eq",
"trust": 0.6,
"vendor": "carel",
"version": "b1.2.4"
},
{
"model": "pcoweb",
"scope": "eq",
"trust": 0.6,
"vendor": "carel",
"version": "a1.5.3"
},
{
"model": "pcoweb",
"scope": "eq",
"trust": 0.6,
"vendor": "carel",
"version": "a2.0.4"
},
{
"model": "chiller sk 3232",
"scope": "eq",
"trust": 0.6,
"vendor": "rittal",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pcoweb",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "b9b1aba0-4836-4d8e-aa89-e14f250c31f3"
},
{
"db": "CNVD",
"id": "CNVD-2019-38069"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011385"
},
{
"db": "NVD",
"id": "CVE-2019-13549"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1481"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:carel:pcoweb_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "b1.2.4",
"versionStartIncluding": "a1.5.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rittal:chiller_sk_3232:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13549"
}
]
},
"cve": "CVE-2019-13549",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-13549",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-38069",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "b9b1aba0-4836-4d8e-aa89-e14f250c31f3",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-13549",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-13549",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-38069",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1481",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "b9b1aba0-4836-4d8e-aa89-e14f250c31f3",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b9b1aba0-4836-4d8e-aa89-e14f250c31f3"
},
{
"db": "CNVD",
"id": "CNVD-2019-38069"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011385"
},
{
"db": "NVD",
"id": "CVE-2019-13549"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1481"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 \u2013 B1.2.4. The authentication mechanism on affected systems does not provide a sufficient level of protection against unauthorized configuration changes. Primary operations, namely turning the cooling unit on and off and setting the temperature set point, can be modified without authentication. Carel pCOWeb Firmware is vulnerable to a lack of authentication for critical functions.Information may be tampered with. Rittal Chiller SK 3232-Series is a liquid cooling device from Rittal",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13549"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011385"
},
{
"db": "CNVD",
"id": "CNVD-2019-38069"
},
{
"db": "IVD",
"id": "b9b1aba0-4836-4d8e-aa89-e14f250c31f3"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13549",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-19-297-01",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2019-38069",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1481",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011385",
"trust": 0.8
},
{
"db": "IVD",
"id": "B9B1ABA0-4836-4D8E-AA89-E14F250C31F3",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "b9b1aba0-4836-4d8e-aa89-e14f250c31f3"
},
{
"db": "CNVD",
"id": "CNVD-2019-38069"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011385"
},
{
"db": "NVD",
"id": "CVE-2019-13549"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1481"
}
]
},
"id": "VAR-201910-1187",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b9b1aba0-4836-4d8e-aa89-e14f250c31f3"
},
{
"db": "CNVD",
"id": "CNVD-2019-38069"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "b9b1aba0-4836-4d8e-aa89-e14f250c31f3"
},
{
"db": "CNVD",
"id": "CNVD-2019-38069"
}
]
},
"last_update_date": "2023-12-18T13:28:22.546000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "pCOWeb card",
"trust": 0.8,
"url": "https://www.carel.com/bms-building-management-system-na/-/journal_content/56_instance_i4q5kimlinkk/10191/55239"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011385"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011385"
},
{
"db": "NVD",
"id": "CVE-2019-13549"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-297-01"
},
{
"trust": 1.6,
"url": "http://seclists.org/fulldisclosure/2019/oct/46"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13549"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13549"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-38069"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011385"
},
{
"db": "NVD",
"id": "CVE-2019-13549"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1481"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b9b1aba0-4836-4d8e-aa89-e14f250c31f3"
},
{
"db": "CNVD",
"id": "CNVD-2019-38069"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011385"
},
{
"db": "NVD",
"id": "CVE-2019-13549"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1481"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-30T00:00:00",
"db": "IVD",
"id": "b9b1aba0-4836-4d8e-aa89-e14f250c31f3"
},
{
"date": "2019-10-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-38069"
},
{
"date": "2019-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011385"
},
{
"date": "2019-10-25T18:15:10.880000",
"db": "NVD",
"id": "CVE-2019-13549"
},
{
"date": "2019-10-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1481"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-38069"
},
{
"date": "2019-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011385"
},
{
"date": "2020-02-10T21:50:16.310000",
"db": "NVD",
"id": "CVE-2019-13549"
},
{
"date": "2020-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1481"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1481"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rittal Chiller SK 3232-Series Improper access control vulnerability",
"sources": [
{
"db": "IVD",
"id": "b9b1aba0-4836-4d8e-aa89-e14f250c31f3"
},
{
"db": "CNVD",
"id": "CNVD-2019-38069"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "b9b1aba0-4836-4d8e-aa89-e14f250c31f3"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1481"
}
],
"trust": 0.8
}
}
VAR-201910-1189
Vulnerability from variot - Updated: 2023-12-18 13:28Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 – B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary operations of the affected systems, namely turning the cooling unit on and off and setting the temperature set point. Carel pCOWeb The firmware contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Rittal Chiller SK 3232-Series is a liquid cooling device from Rittal
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-1189",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pcoweb",
"scope": "gte",
"trust": 1.0,
"vendor": "carel",
"version": "a1.5.3"
},
{
"model": "pcoweb",
"scope": "lte",
"trust": 1.0,
"vendor": "carel",
"version": "b1.2.4"
},
{
"model": "pcoweb card",
"scope": null,
"trust": 0.8,
"vendor": "carel industries s p a",
"version": null
},
{
"model": "chiller sk 3232-series",
"scope": null,
"trust": 0.6,
"vendor": "rittal",
"version": null
},
{
"model": "pcoweb",
"scope": "eq",
"trust": 0.6,
"vendor": "carel",
"version": "b1.2.4"
},
{
"model": "pcoweb",
"scope": "eq",
"trust": 0.6,
"vendor": "carel",
"version": "a1.5.3"
},
{
"model": "pcoweb",
"scope": "eq",
"trust": 0.6,
"vendor": "carel",
"version": "a2.0.4"
},
{
"model": "chiller sk 3232",
"scope": "eq",
"trust": 0.6,
"vendor": "rittal",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pcoweb",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e41e3f25-7243-4c72-8763-2ef6d713b92a"
},
{
"db": "CNVD",
"id": "CNVD-2019-39583"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011384"
},
{
"db": "NVD",
"id": "CVE-2019-13553"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1480"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:carel:pcoweb_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "b1.2.4",
"versionStartIncluding": "a1.5.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:rittal:chiller_sk_3232:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13553"
}
]
},
"cve": "CVE-2019-13553",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-13553",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-39583",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e41e3f25-7243-4c72-8763-2ef6d713b92a",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-13553",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-13553",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-39583",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1480",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e41e3f25-7243-4c72-8763-2ef6d713b92a",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e41e3f25-7243-4c72-8763-2ef6d713b92a"
},
{
"db": "CNVD",
"id": "CNVD-2019-39583"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011384"
},
{
"db": "NVD",
"id": "CVE-2019-13553"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1480"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rittal Chiller SK 3232-Series web interface as built upon Carel pCOWeb firmware A1.5.3 \u2013 B1.2.4. The authentication mechanism on affected systems is configured using hard-coded credentials. These credentials could allow attackers to influence the primary operations of the affected systems, namely turning the cooling unit on and off and setting the temperature set point. Carel pCOWeb The firmware contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Rittal Chiller SK 3232-Series is a liquid cooling device from Rittal",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13553"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011384"
},
{
"db": "CNVD",
"id": "CNVD-2019-39583"
},
{
"db": "IVD",
"id": "e41e3f25-7243-4c72-8763-2ef6d713b92a"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13553",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSA-19-297-01",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2019-39583",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1480",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011384",
"trust": 0.8
},
{
"db": "IVD",
"id": "E41E3F25-7243-4C72-8763-2EF6D713B92A",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e41e3f25-7243-4c72-8763-2ef6d713b92a"
},
{
"db": "CNVD",
"id": "CNVD-2019-39583"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011384"
},
{
"db": "NVD",
"id": "CVE-2019-13553"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1480"
}
]
},
"id": "VAR-201910-1189",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e41e3f25-7243-4c72-8763-2ef6d713b92a"
},
{
"db": "CNVD",
"id": "CNVD-2019-39583"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e41e3f25-7243-4c72-8763-2ef6d713b92a"
},
{
"db": "CNVD",
"id": "CNVD-2019-39583"
}
]
},
"last_update_date": "2023-12-18T13:28:22.517000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "pCOWeb card",
"trust": 0.8,
"url": "https://www.carel.com/bms-building-management-system-na/-/journal_content/56_instance_i4q5kimlinkk/10191/55239"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011384"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011384"
},
{
"db": "NVD",
"id": "CVE-2019-13553"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-297-01"
},
{
"trust": 1.6,
"url": "http://seclists.org/fulldisclosure/2019/oct/45"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13553"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13553"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39583"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011384"
},
{
"db": "NVD",
"id": "CVE-2019-13553"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1480"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e41e3f25-7243-4c72-8763-2ef6d713b92a"
},
{
"db": "CNVD",
"id": "CNVD-2019-39583"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011384"
},
{
"db": "NVD",
"id": "CVE-2019-13553"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1480"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-07T00:00:00",
"db": "IVD",
"id": "e41e3f25-7243-4c72-8763-2ef6d713b92a"
},
{
"date": "2019-11-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39583"
},
{
"date": "2019-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011384"
},
{
"date": "2019-10-25T18:15:10.943000",
"db": "NVD",
"id": "CVE-2019-13553"
},
{
"date": "2019-10-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1480"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39583"
},
{
"date": "2019-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011384"
},
{
"date": "2020-02-10T21:50:16.450000",
"db": "NVD",
"id": "CVE-2019-13553"
},
{
"date": "2020-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1480"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1480"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rittal Chiller SK 3232-Series Trust Management Issue Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e41e3f25-7243-4c72-8763-2ef6d713b92a"
},
{
"db": "CNVD",
"id": "CNVD-2019-39583"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1480"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1480"
}
],
"trust": 0.6
}
}
CVE-2022-40633 (GCVE-0-2022-40633)
Vulnerability from nvd – Published: 2023-03-02 22:18 – Updated: 2025-01-17 22:11{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-061-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-40633",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-17T17:01:43.026101Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T22:11:59.387Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CMC III",
"vendor": "Rittal",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A malicious actor can clone access cards used to open control cabinets secured with Rittal CMC III locks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-284",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-02T22:18:31.192Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-061-03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rittal CMC III Improper Access Control",
"x_generator": {
"engine": "VINCE 2.0.6",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2022-40633"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-40633",
"datePublished": "2023-03-02T22:18:31.192Z",
"dateReserved": "2022-12-21T17:02:52.822Z",
"dateUpdated": "2025-01-17T22:11:59.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11956 (GCVE-0-2020-11956)
Vulnerability from nvd – Published: 2020-07-14 13:05 – Updated: 2024-08-04 11:42- n/a
| URL | Tags |
|---|---|
| https://sec-consult.com/en/blog/advisories/multip… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. There is a least privilege violation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-14T13:05:39.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. There is a least privilege violation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/",
"refsource": "MISC",
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11956",
"datePublished": "2020-07-14T13:05:39.000Z",
"dateReserved": "2020-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11955 (GCVE-0-2020-11955)
Vulnerability from nvd – Published: 2020-07-14 13:03 – Updated: 2024-08-04 11:42- n/a
| URL | Tags |
|---|---|
| https://sec-consult.com/en/blog/advisories/multip… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Rittal PDU-3C002DEC through 5.15.70 and CMCIII-PU-9333E0FB through 3.15.70 devices. There are insecure permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-14T13:03:51.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Rittal PDU-3C002DEC through 5.15.70 and CMCIII-PU-9333E0FB through 3.15.70 devices. There are insecure permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/",
"refsource": "MISC",
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11955",
"datePublished": "2020-07-14T13:03:51.000Z",
"dateReserved": "2020-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11953 (GCVE-0-2020-11953)
Vulnerability from nvd – Published: 2020-07-14 13:02 – Updated: 2024-08-04 11:42- n/a
| URL | Tags |
|---|---|
| https://sec-consult.com/en/blog/advisories/multip… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Rittal PDU-3C002DEC through 5.15.40 and CMCIII-PU-9333E0FB through 3.15.70_4 devices. Attackers can execute code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-14T13:02:40.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Rittal PDU-3C002DEC through 5.15.40 and CMCIII-PU-9333E0FB through 3.15.70_4 devices. Attackers can execute code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/",
"refsource": "MISC",
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11953",
"datePublished": "2020-07-14T13:02:40.000Z",
"dateReserved": "2020-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11952 (GCVE-0-2020-11952)
Vulnerability from nvd – Published: 2020-07-14 13:01 – Updated: 2024-08-04 11:42- n/a
| URL | Tags |
|---|---|
| https://sec-consult.com/en/blog/advisories/multip… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. Attackers can bypass the CLI menu."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-14T13:01:31.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. Attackers can bypass the CLI menu."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/",
"refsource": "MISC",
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11952",
"datePublished": "2020-07-14T13:01:31.000Z",
"dateReserved": "2020-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11951 (GCVE-0-2020-11951)
Vulnerability from nvd – Published: 2020-07-14 13:00 – Updated: 2024-08-04 11:42- n/a
| URL | Tags |
|---|---|
| https://sec-consult.com/en/blog/advisories/multip… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. There is a Backdoor root account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-14T13:00:40.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. There is a Backdoor root account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/",
"refsource": "MISC",
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11951",
"datePublished": "2020-07-14T13:00:40.000Z",
"dateReserved": "2020-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-40633 (GCVE-0-2022-40633)
Vulnerability from cvelistv5 – Published: 2023-03-02 22:18 – Updated: 2025-01-17 22:11{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:21:46.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-061-03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-40633",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-17T17:01:43.026101Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T22:11:59.387Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CMC III",
"vendor": "Rittal",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A malicious actor can clone access cards used to open control cabinets secured with Rittal CMC III locks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-284",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-02T22:18:31.192Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-061-03"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rittal CMC III Improper Access Control",
"x_generator": {
"engine": "VINCE 2.0.6",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2022-40633"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2022-40633",
"datePublished": "2023-03-02T22:18:31.192Z",
"dateReserved": "2022-12-21T17:02:52.822Z",
"dateUpdated": "2025-01-17T22:11:59.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11956 (GCVE-0-2020-11956)
Vulnerability from cvelistv5 – Published: 2020-07-14 13:05 – Updated: 2024-08-04 11:42- n/a
| URL | Tags |
|---|---|
| https://sec-consult.com/en/blog/advisories/multip… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.931Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. There is a least privilege violation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-14T13:05:39.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. There is a least privilege violation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/",
"refsource": "MISC",
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11956",
"datePublished": "2020-07-14T13:05:39.000Z",
"dateReserved": "2020-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11955 (GCVE-0-2020-11955)
Vulnerability from cvelistv5 – Published: 2020-07-14 13:03 – Updated: 2024-08-04 11:42- n/a
| URL | Tags |
|---|---|
| https://sec-consult.com/en/blog/advisories/multip… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Rittal PDU-3C002DEC through 5.15.70 and CMCIII-PU-9333E0FB through 3.15.70 devices. There are insecure permissions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-14T13:03:51.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Rittal PDU-3C002DEC through 5.15.70 and CMCIII-PU-9333E0FB through 3.15.70 devices. There are insecure permissions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/",
"refsource": "MISC",
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11955",
"datePublished": "2020-07-14T13:03:51.000Z",
"dateReserved": "2020-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11953 (GCVE-0-2020-11953)
Vulnerability from cvelistv5 – Published: 2020-07-14 13:02 – Updated: 2024-08-04 11:42- n/a
| URL | Tags |
|---|---|
| https://sec-consult.com/en/blog/advisories/multip… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Rittal PDU-3C002DEC through 5.15.40 and CMCIII-PU-9333E0FB through 3.15.70_4 devices. Attackers can execute code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-14T13:02:40.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Rittal PDU-3C002DEC through 5.15.40 and CMCIII-PU-9333E0FB through 3.15.70_4 devices. Attackers can execute code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/",
"refsource": "MISC",
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11953",
"datePublished": "2020-07-14T13:02:40.000Z",
"dateReserved": "2020-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11952 (GCVE-0-2020-11952)
Vulnerability from cvelistv5 – Published: 2020-07-14 13:01 – Updated: 2024-08-04 11:42- n/a
| URL | Tags |
|---|---|
| https://sec-consult.com/en/blog/advisories/multip… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. Attackers can bypass the CLI menu."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-14T13:01:31.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. Attackers can bypass the CLI menu."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/",
"refsource": "MISC",
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11952",
"datePublished": "2020-07-14T13:01:31.000Z",
"dateReserved": "2020-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11951 (GCVE-0-2020-11951)
Vulnerability from cvelistv5 – Published: 2020-07-14 13:00 – Updated: 2024-08-04 11:42- n/a
| URL | Tags |
|---|---|
| https://sec-consult.com/en/blog/advisories/multip… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. There is a Backdoor root account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-14T13:00:40.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. There is a Backdoor root account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/",
"refsource": "MISC",
"url": "https://sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-multiple-rittal-products-based-on-same-software/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11951",
"datePublished": "2020-07-14T13:00:40.000Z",
"dateReserved": "2020-04-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:42:00.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}