Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2019-AVI-207
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMATIC HMI Comfort Outdoor Panels 7" & 15" versions antérieures à V15.1 Update 1 | ||
| Siemens | N/A | SIMATIC HMI Comfort Panels 4" - 22" versions antérieures à V15.1 Update 1 | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) versions antérieures à V15.1 Update 1 | ||
| Siemens | N/A | SISHIP IPMS | ||
| Siemens | N/A | SIMATIC PCS 7 | ||
| Siemens | N/A | LOGO! Soft Comfort | ||
| Siemens | N/A | LOGO!8 BM | ||
| Siemens | N/A | SIMATIC HMI KTP Mobile Panels KTP400F,KTP700, KTP700F, KTP900 et KTP900F versions antérieures à V15.1 Update 1 | ||
| Siemens | N/A | SIMATIC WinCC V7.5 versions antérieures à V7.5 Upd3 | ||
| Siemens | N/A | SIMATIC HMI Classic Devices (TP/MP/OP/MPMobile Panel) | ||
| Siemens | N/A | SINAMICS PERFECT HARMONY GH180 | ||
| Siemens | N/A | SISHIP IMAC | ||
| Siemens | N/A | SISHIP EMCS | ||
| Siemens | N/A | SIMATIC WinCC Runtime Advanced versions antérieures à V15.1 Update 1 | ||
| Siemens | N/A | SCALANCE W1750D versions antérieures à V8.4.0.1 | ||
| Siemens | N/A | SIMATIC WinCC Runtime Professional versions antérieures à V15.1 Update 1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" versions ant\u00e9rieures \u00e0 V15.1 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI Comfort Panels 4\" - 22\" versions ant\u00e9rieures \u00e0 V15.1 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) versions ant\u00e9rieures \u00e0 V15.1 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SISHIP IPMS",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO! Soft Comfort",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO!8 BM",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI KTP Mobile Panels KTP400F,KTP700, KTP700F, KTP900 et KTP900F versions ant\u00e9rieures \u00e0 V15.1 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 Upd3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI Classic Devices (TP/MP/OP/MPMobile Panel)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS PERFECT HARMONY GH180",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SISHIP IMAC",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SISHIP EMCS",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Advanced versions ant\u00e9rieures \u00e0 V15.1 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W1750D versions ant\u00e9rieures \u00e0 V8.4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Professional versions ant\u00e9rieures \u00e0 V15.1 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-7083",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7083"
},
{
"name": "CVE-2019-10919",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10919"
},
{
"name": "CVE-2019-10920",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10920"
},
{
"name": "CVE-2019-6572",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6572"
},
{
"name": "CVE-2018-16417",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16417"
},
{
"name": "CVE-2018-3991",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3991"
},
{
"name": "CVE-2019-10916",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10916"
},
{
"name": "CVE-2018-3990",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3990"
},
{
"name": "CVE-2018-3989",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3989"
},
{
"name": "CVE-2019-10922",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10922"
},
{
"name": "CVE-2019-10921",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10921"
},
{
"name": "CVE-2019-10924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10924"
},
{
"name": "CVE-2019-10918",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10918"
},
{
"name": "CVE-2019-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10917"
},
{
"name": "CVE-2018-7064",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7064"
},
{
"name": "CVE-2019-6578",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6578"
},
{
"name": "CVE-2018-7084",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7084"
},
{
"name": "CVE-2019-6576",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6576"
},
{
"name": "CVE-2019-6577",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6577"
},
{
"name": "CVE-2019-6574",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6574"
},
{
"name": "CVE-2018-7082",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7082"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-207",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-05-14T00:00:00.000000"
},
{
"description": "Ajout de SCADA dans le titre.",
"revision_date": "2019-05-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-705517 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-705517.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-865156 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-865156.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-902727 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-606525 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-606525.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-549547 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-697412 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-804486 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-804486.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-102144 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-102144.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-542701 du 14 mai 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf"
}
]
}
CVE-2018-16417 (GCVE-0-2018-16417)
Vulnerability from cvelistv5 – Published: 2019-10-30 16:26 – Updated: 2024-08-05 10:24
VLAI
EPSS
Summary
Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-… | x_refsource_CONFIRM |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/108374 | vdb-entryx_refsource_BID |
| https://www.us-cert.gov/ics/advisories/ICSA-19-134-07 | x_refsource_MISC |
| https://www.anquanke.com/vul/id/1652568 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:24:32.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"name": "108374",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108374"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-07"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.anquanke.com/vul/id/1652568"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-30T16:28:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"name": "108374",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108374"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-07"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.anquanke.com/vul/id/1652568"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aruba Instant 4.x prior to 6.4.4.8-4.2.4.12, 6.5.x prior to 6.5.4.11, 8.3.x prior to 8.3.0.6, and 8.4.x prior to 8.4.0.1 allows Command injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt",
"refsource": "CONFIRM",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"name": "108374",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108374"
},
{
"name": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-07",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-07"
},
{
"name": "https://www.anquanke.com/vul/id/1652568",
"refsource": "MISC",
"url": "https://www.anquanke.com/vul/id/1652568"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-16417",
"datePublished": "2019-10-30T16:26:32.000Z",
"dateReserved": "2018-09-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T10:24:32.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-3989 (GCVE-0-2018-3989)
Vulnerability from cvelistv5 – Published: 2019-02-05 22:00 – Updated: 2024-08-05 04:57
VLAI
EPSS
Summary
An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.
Severity
4.3 (Medium)
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/107005 | vdb-entryx_refsource_BID |
| https://talosintelligence.com/vulnerability_repor… | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
Date Public
2018-01-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:57:24.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107005",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107005"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:07:37.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "107005",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107005"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2018-3989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 4.3,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107005",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107005"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0657"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2018-3989",
"datePublished": "2019-02-05T22:00:00.000Z",
"dateReserved": "2018-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:57:24.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-3990 (GCVE-0-2018-3990)
Vulnerability from cvelistv5 – Published: 2019-02-05 22:00 – Updated: 2024-08-05 04:57
VLAI
EPSS
Summary
An exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause a buffer overflow, resulting in kernel memory corruption and, potentially, privilege escalation. An attacker can send an IRP request to trigger this vulnerability.
Severity
9.3 (Critical)
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/107005 | vdb-entryx_refsource_BID |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://talosintelligence.com/vulnerability_repor… | x_refsource_MISC |
Date Public
2018-01-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:57:24.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107005",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107005"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0658"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause a buffer overflow, resulting in kernel memory corruption and, potentially, privilege escalation. An attacker can send an IRP request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:07:38.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "107005",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107005"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0658"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2018-3990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause a buffer overflow, resulting in kernel memory corruption and, potentially, privilege escalation. An attacker can send an IRP request to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 9.3,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107005",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107005"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0658",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0658"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2018-3990",
"datePublished": "2019-02-05T22:00:00.000Z",
"dateReserved": "2018-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:57:24.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-3991 (GCVE-0-2018-3991)
Vulnerability from cvelistv5 – Published: 2019-02-05 22:00 – Updated: 2024-08-05 04:57
VLAI
EPSS
Summary
An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability.
Severity
10 (Critical)
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/107005 | vdb-entryx_refsource_BID |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://talosintelligence.com/vulnerability_repor… | x_refsource_MISC |
Date Public
2018-01-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:57:24.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107005",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107005"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:07:39.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "107005",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107005"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2018-3991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 10,
"baseSeverity": null,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107005",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107005"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-760124.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-902727.pdf"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0659"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2018-3991",
"datePublished": "2019-02-05T22:00:00.000Z",
"dateReserved": "2018-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:57:24.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7064 (GCVE-0-2018-7064)
Vulnerability from cvelistv5 – Published: 2019-05-10 17:10 – Updated: 2024-08-05 06:17
VLAI
EPSS
Summary
A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface. An attacker could use this vulnerability to trick an IAP administrator into clicking a link which could then take administrative actions on the Instant cluster, or expose the session cookie for an administrative session. Workaround: Administrators should make sure they log out of the Aruba Instant UI when not actively managing the system, and should use caution clicking links from external sources while logged into the IAP administrative interface. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0
Severity
No CVSS data available.
CWE
- Reflected Cross-Site Scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-… | x_refsource_CONFIRM |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/108374 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Aruba Instant (IAP) |
Affected:
Aruba Instant 4.x prior to 6.4.4.8 - 4.2.4.12 Aruba Instant 6.5.x prior to 6.5.4.11 Aruba Instant 8.3.x prior to 8.3.0.6 Aruba Instant 8.4.x prior to 8.4.0.1
|
Date Public
2019-02-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"name": "108374",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108374"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant (IAP)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 4.x prior to 6.4.4.8 - 4.2.4.12 Aruba Instant 6.5.x prior to 6.5.4.11 Aruba Instant 8.3.x prior to 8.3.0.6 Aruba Instant 8.4.x prior to 8.4.0.1"
}
]
}
],
"datePublic": "2019-02-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface. An attacker could use this vulnerability to trick an IAP administrator into clicking a link which could then take administrative actions on the Instant cluster, or expose the session cookie for an administrative session. Workaround: Administrators should make sure they log out of the Aruba Instant UI when not actively managing the system, and should use caution clicking links from external sources while logged into the IAP administrative interface. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reflected Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-20T15:06:02.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"name": "108374",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108374"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2018-7064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant (IAP)",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 4.x prior to 6.4.4.8 - 4.2.4.12 Aruba Instant 6.5.x prior to 6.5.4.11 Aruba Instant 8.3.x prior to 8.3.0.6 Aruba Instant 8.4.x prior to 8.4.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reflected cross-site scripting (XSS) vulnerability is present in an unauthenticated Aruba Instant web interface. An attacker could use this vulnerability to trick an IAP administrator into clicking a link which could then take administrative actions on the Instant cluster, or expose the session cookie for an administrative session. Workaround: Administrators should make sure they log out of the Aruba Instant UI when not actively managing the system, and should use caution clicking links from external sources while logged into the IAP administrative interface. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt",
"refsource": "CONFIRM",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"name": "108374",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108374"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2018-7064",
"datePublished": "2019-05-10T17:10:32.000Z",
"dateReserved": "2018-02-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:17:17.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7082 (GCVE-0-2018-7082)
Vulnerability from cvelistv5 – Published: 2019-05-10 16:49 – Updated: 2024-08-05 06:17
VLAI
EPSS
Summary
A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. Workaround: None. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0
Severity
No CVSS data available.
CWE
- Authenticated command injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-… | x_refsource_CONFIRM |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/108374 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Aruba Instant (IAP) |
Affected:
Aruba Instant 4.x prior to 6.4.4.8 - 4.2.4.12 Aruba Instant 6.5.x prior to 6.5.4.11 Aruba Instant 8.3.x prior to 8.3.0.6 Aruba Instant 8.4.x prior to 8.4.0.1
|
Date Public
2019-02-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"name": "108374",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108374"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant (IAP)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 4.x prior to 6.4.4.8 - 4.2.4.12 Aruba Instant 6.5.x prior to 6.5.4.11 Aruba Instant 8.3.x prior to 8.3.0.6 Aruba Instant 8.4.x prior to 8.4.0.1"
}
]
}
],
"datePublic": "2019-02-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. Workaround: None. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-20T15:06:02.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"name": "108374",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108374"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2018-7082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant (IAP)",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 4.x prior to 6.4.4.8 - 4.2.4.12 Aruba Instant 6.5.x prior to 6.5.4.11 Aruba Instant 8.3.x prior to 8.3.0.6 Aruba Instant 8.4.x prior to 8.4.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability is present in Aruba Instant that permits an authenticated administrative user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. Workaround: None. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt",
"refsource": "CONFIRM",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"name": "108374",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108374"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2018-7082",
"datePublished": "2019-05-10T16:49:16.000Z",
"dateReserved": "2018-02-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:17:17.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7083 (GCVE-0-2018-7083)
Vulnerability from cvelistv5 – Published: 2019-05-10 16:43 – Updated: 2024-08-05 06:17
VLAI
EPSS
Summary
If a process running within Aruba Instant crashes, it may leave behind a "core dump", which contains the memory contents of the process at the time it crashed. It was discovered that core dumps are stored in a way that unauthenticated users can access them through the Aruba Instant web interface. Core dumps could contain sensitive information such as keys and passwords. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0
Severity
No CVSS data available.
CWE
- Core dumps are publicly accessible
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.arubanetworks.com/assets/alert/ARUBA-P… | x_refsource_CONFIRM |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/108374 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Aruba Instant (IAP) |
Affected:
Aruba Instant 4.x prior to 6.4.4.8 - 4.2.4.12 Aruba Instant 6.5.x prior to 6.5.4.11 Aruba Instant 8.3.x prior to 8.3.0.6 Aruba Instant 8.4.x prior to 8.4.0.1
|
Date Public
2019-02-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"name": "108374",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108374"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant (IAP)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 4.x prior to 6.4.4.8 - 4.2.4.12 Aruba Instant 6.5.x prior to 6.5.4.11 Aruba Instant 8.3.x prior to 8.3.0.6 Aruba Instant 8.4.x prior to 8.4.0.1"
}
]
}
],
"datePublic": "2019-02-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "If a process running within Aruba Instant crashes, it may leave behind a \"core dump\", which contains the memory contents of the process at the time it crashed. It was discovered that core dumps are stored in a way that unauthenticated users can access them through the Aruba Instant web interface. Core dumps could contain sensitive information such as keys and passwords. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Core dumps are publicly accessible",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-20T15:06:03.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"name": "108374",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108374"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2018-7083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant (IAP)",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 4.x prior to 6.4.4.8 - 4.2.4.12 Aruba Instant 6.5.x prior to 6.5.4.11 Aruba Instant 8.3.x prior to 8.3.0.6 Aruba Instant 8.4.x prior to 8.4.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If a process running within Aruba Instant crashes, it may leave behind a \"core dump\", which contains the memory contents of the process at the time it crashed. It was discovered that core dumps are stored in a way that unauthenticated users can access them through the Aruba Instant web interface. Core dumps could contain sensitive information such as keys and passwords. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Core dumps are publicly accessible"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"name": "108374",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108374"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2018-7083",
"datePublished": "2019-05-10T16:43:30.000Z",
"dateReserved": "2018-02-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:17:17.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7084 (GCVE-0-2018-7084)
Vulnerability from cvelistv5 – Published: 2019-05-10 17:14 – Updated: 2024-08-05 06:17
VLAI
EPSS
Summary
A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this ability to copy files, read configuration, write files, delete files, or reboot the device. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.1
Severity
No CVSS data available.
CWE
- Unauthenticated command execution
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.arubanetworks.com/assets/alert/ARUBA-… | x_refsource_CONFIRM |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/108374 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Aruba Instant (IAP) |
Affected:
Aruba Instant 4.x prior to 6.4.4.8 - 4.2.4.12 Aruba Instant 6.5.x prior to 6.5.4.11 Aruba Instant 8.3.x prior to 8.3.0.6 Aruba Instant 8.4.x prior to 8.4.0.1
|
Date Public
2019-02-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:17:17.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"name": "108374",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108374"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Aruba Instant (IAP)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Aruba Instant 4.x prior to 6.4.4.8 - 4.2.4.12 Aruba Instant 6.5.x prior to 6.5.4.11 Aruba Instant 8.3.x prior to 8.3.0.6 Aruba Instant 8.4.x prior to 8.4.0.1"
}
]
}
],
"datePublic": "2019-02-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this ability to copy files, read configuration, write files, delete files, or reboot the device. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.1"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated command execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-20T15:06:02.000Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"name": "108374",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108374"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2018-7084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Aruba Instant (IAP)",
"version": {
"version_data": [
{
"version_value": "Aruba Instant 4.x prior to 6.4.4.8 - 4.2.4.12 Aruba Instant 6.5.x prior to 6.5.4.11 Aruba Instant 8.3.x prior to 8.3.0.6 Aruba Instant 8.4.x prior to 8.4.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this ability to copy files, read configuration, write files, delete files, or reboot the device. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated command execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt",
"refsource": "CONFIRM",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-001.txt"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549547.pdf"
},
{
"name": "108374",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108374"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2018-7084",
"datePublished": "2019-05-10T17:14:37.000Z",
"dateReserved": "2018-02-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T06:17:17.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10916 (GCVE-0-2019-10916)
Vulnerability from cvelistv5 – Published: 2019-05-14 19:54 – Updated: 2024-08-04 22:40
VLAI
EPSS
Summary
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with access to the project file could run arbitrary system commands with the privileges of the local database server. The vulnerability could be exploited by an attacker with access to the project file. The vulnerability does impact the confidentiality, integrity, and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.
Severity
No CVSS data available.
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://www.us-cert.gov/ics/advisories/ICSA-19-134-08 | x_refsource_MISC |
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens AG | SIMATIC PCS 7 V8.0 and earlier |
Affected:
All versions
|
|
| Siemens AG | SIMATIC PCS 7 V8.1 |
Affected:
All versions < V8.1 with WinCC V7.3 Upd 19
|
|
| Siemens AG | SIMATIC PCS 7 V8.2 |
Affected:
All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11
|
|
| Siemens AG | SIMATIC PCS 7 V9.0 |
Affected:
All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11
|
|
| Siemens AG | SIMATIC WinCC (TIA Portal) V13 |
Affected:
All versions
|
|
| Siemens AG | SIMATIC WinCC (TIA Portal) V14 |
Affected:
All versions < V14 SP1 Upd 9
|
|
| Siemens AG | SIMATIC WinCC (TIA Portal) V15 |
Affected:
All versions < V15.1 Upd 3
|
|
| Siemens AG | SIMATIC WinCC Runtime Professional V13 |
Affected:
All versions
|
|
| Siemens AG | SIMATIC WinCC Runtime Professional V14 |
Affected:
All versions < V14.1 Upd 8
|
|
| Siemens AG | SIMATIC WinCC Runtime Professional V15 |
Affected:
All versions < V15.1 Upd 3
|
|
| Siemens AG | SIMATIC WinCC V7.2 and earlier |
Affected:
All versions
|
|
| Siemens AG | SIMATIC WinCC V7.3 |
Affected:
All versions < V7.3 Upd 19
|
|
| Siemens AG | SIMATIC WinCC V7.4 |
Affected:
All versions < V7.4 SP1 Upd 11
|
|
| Siemens AG | SIMATIC WinCC V7.5 |
Affected:
All versions < V7.5 Upd 3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC PCS 7 V8.0 and earlier",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC PCS 7 V8.1",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.1 with WinCC V7.3 Upd 19"
}
]
},
{
"product": "SIMATIC PCS 7 V8.2",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.2 SP1 with WinCC V7.4 SP1 Upd11"
}
]
},
{
"product": "SIMATIC PCS 7 V9.0",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V9.0 SP2 with WinCC V7.4 SP1 Upd11"
}
]
},
{
"product": "SIMATIC WinCC (TIA Portal) V13",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC WinCC (TIA Portal) V14",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V14 SP1 Upd 9"
}
]
},
{
"product": "SIMATIC WinCC (TIA Portal) V15",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Upd 3"
}
]
},
{
"product": "SIMATIC WinCC Runtime Professional V13",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC WinCC Runtime Professional V14",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V14.1 Upd 8"
}
]
},
{
"product": "SIMATIC WinCC Runtime Professional V15",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Upd 3"
}
]
},
{
"product": "SIMATIC WinCC V7.2 and earlier",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC WinCC V7.3",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.3 Upd 19"
}
]
},
{
"product": "SIMATIC WinCC V7.4",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.4 SP1 Upd 11"
}
]
},
{
"product": "SIMATIC WinCC V7.5",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.5 Upd 3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions \u003c V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions \u003c V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions \u003c V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions \u003c V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions \u003c V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions \u003c V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions \u003c V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions \u003c V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions \u003c V7.5 Upd 3). An attacker with access to the project file could run arbitrary system commands with the privileges of the local database server. The vulnerability could be exploited by an attacker with access to the project file. The vulnerability does impact the confidentiality, integrity, and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T19:27:04.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-08"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-10916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS 7 V8.0 and earlier",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC PCS 7 V8.1",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.1 with WinCC V7.3 Upd 19"
}
]
}
},
{
"product_name": "SIMATIC PCS 7 V8.2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.2 SP1 with WinCC V7.4 SP1 Upd11"
}
]
}
},
{
"product_name": "SIMATIC PCS 7 V9.0",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V9.0 SP2 with WinCC V7.4 SP1 Upd11"
}
]
}
},
{
"product_name": "SIMATIC WinCC (TIA Portal) V13",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC WinCC (TIA Portal) V14",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V14 SP1 Upd 9"
}
]
}
},
{
"product_name": "SIMATIC WinCC (TIA Portal) V15",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V15.1 Upd 3"
}
]
}
},
{
"product_name": "SIMATIC WinCC Runtime Professional V13",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC WinCC Runtime Professional V14",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V14.1 Upd 8"
}
]
}
},
{
"product_name": "SIMATIC WinCC Runtime Professional V15",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V15.1 Upd 3"
}
]
}
},
{
"product_name": "SIMATIC WinCC V7.2 and earlier",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC WinCC V7.3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V7.3 Upd 19"
}
]
}
},
{
"product_name": "SIMATIC WinCC V7.4",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V7.4 SP1 Upd 11"
}
]
}
},
{
"product_name": "SIMATIC WinCC V7.5",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V7.5 Upd 3"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions \u003c V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions \u003c V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions \u003c V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions \u003c V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions \u003c V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions \u003c V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions \u003c V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions \u003c V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions \u003c V7.5 Upd 3). An attacker with access to the project file could run arbitrary system commands with the privileges of the local database server. The vulnerability could be exploited by an attacker with access to the project file. The vulnerability does impact the confidentiality, integrity, and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-08",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-08"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-10916",
"datePublished": "2019-05-14T19:54:48.000Z",
"dateReserved": "2019-04-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:40:15.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10917 (GCVE-0-2019-10917)
Vulnerability from cvelistv5 – Published: 2019-05-14 19:54 – Updated: 2024-08-04 22:40
VLAI
EPSS
Summary
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An attacker with local access to the project file could cause a Denial-of-Service condition on the affected product while the project file is loaded. Successful exploitation requires access to the project file. An attacker could use the vulnerability to compromise availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.
Severity
No CVSS data available.
CWE
- CWE-248 - Uncaught Exception
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://www.us-cert.gov/ics/advisories/ICSA-19-134-08 | x_refsource_MISC |
Impacted products
14 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens AG | SIMATIC PCS 7 V8.0 and earlier |
Affected:
All versions
|
|
| Siemens AG | SIMATIC PCS 7 V8.1 |
Affected:
All versions < V8.1 with WinCC V7.3 Upd 19
|
|
| Siemens AG | SIMATIC PCS 7 V8.2 |
Affected:
All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11
|
|
| Siemens AG | SIMATIC PCS 7 V9.0 |
Affected:
All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11
|
|
| Siemens AG | SIMATIC WinCC (TIA Portal) V13 |
Affected:
All versions
|
|
| Siemens AG | SIMATIC WinCC (TIA Portal) V14 |
Affected:
All versions < V14 SP1 Upd 9
|
|
| Siemens AG | SIMATIC WinCC (TIA Portal) V15 |
Affected:
All versions < V15.1 Upd 3
|
|
| Siemens AG | SIMATIC WinCC Runtime Professional V13 |
Affected:
All versions
|
|
| Siemens AG | SIMATIC WinCC Runtime Professional V14 |
Affected:
All versions < V14.1 Upd 8
|
|
| Siemens AG | SIMATIC WinCC Runtime Professional V15 |
Affected:
All versions < V15.1 Upd 3
|
|
| Siemens AG | SIMATIC WinCC V7.2 and earlier |
Affected:
All versions
|
|
| Siemens AG | SIMATIC WinCC V7.3 |
Affected:
All versions < V7.3 Upd 19
|
|
| Siemens AG | SIMATIC WinCC V7.4 |
Affected:
All versions < V7.4 SP1 Upd 11
|
|
| Siemens AG | SIMATIC WinCC V7.5 |
Affected:
All versions < V7.5 Upd 3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-08"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC PCS 7 V8.0 and earlier",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC PCS 7 V8.1",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.1 with WinCC V7.3 Upd 19"
}
]
},
{
"product": "SIMATIC PCS 7 V8.2",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V8.2 SP1 with WinCC V7.4 SP1 Upd11"
}
]
},
{
"product": "SIMATIC PCS 7 V9.0",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V9.0 SP2 with WinCC V7.4 SP1 Upd11"
}
]
},
{
"product": "SIMATIC WinCC (TIA Portal) V13",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC WinCC (TIA Portal) V14",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V14 SP1 Upd 9"
}
]
},
{
"product": "SIMATIC WinCC (TIA Portal) V15",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Upd 3"
}
]
},
{
"product": "SIMATIC WinCC Runtime Professional V13",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC WinCC Runtime Professional V14",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V14.1 Upd 8"
}
]
},
{
"product": "SIMATIC WinCC Runtime Professional V15",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Upd 3"
}
]
},
{
"product": "SIMATIC WinCC V7.2 and earlier",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC WinCC V7.3",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.3 Upd 19"
}
]
},
{
"product": "SIMATIC WinCC V7.4",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.4 SP1 Upd 11"
}
]
},
{
"product": "SIMATIC WinCC V7.5",
"vendor": "Siemens AG",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.5 Upd 3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions \u003c V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions \u003c V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions \u003c V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions \u003c V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions \u003c V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions \u003c V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions \u003c V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions \u003c V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions \u003c V7.5 Upd 3). An attacker with local access to the project file could cause a Denial-of-Service condition on the affected product while the project file is loaded. Successful exploitation requires access to the project file. An attacker could use the vulnerability to compromise availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-23T19:28:02.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-08"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-10917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS 7 V8.0 and earlier",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC PCS 7 V8.1",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.1 with WinCC V7.3 Upd 19"
}
]
}
},
{
"product_name": "SIMATIC PCS 7 V8.2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V8.2 SP1 with WinCC V7.4 SP1 Upd11"
}
]
}
},
{
"product_name": "SIMATIC PCS 7 V9.0",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V9.0 SP2 with WinCC V7.4 SP1 Upd11"
}
]
}
},
{
"product_name": "SIMATIC WinCC (TIA Portal) V13",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC WinCC (TIA Portal) V14",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V14 SP1 Upd 9"
}
]
}
},
{
"product_name": "SIMATIC WinCC (TIA Portal) V15",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V15.1 Upd 3"
}
]
}
},
{
"product_name": "SIMATIC WinCC Runtime Professional V13",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC WinCC Runtime Professional V14",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V14.1 Upd 8"
}
]
}
},
{
"product_name": "SIMATIC WinCC Runtime Professional V15",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V15.1 Upd 3"
}
]
}
},
{
"product_name": "SIMATIC WinCC V7.2 and earlier",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC WinCC V7.3",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V7.3 Upd 19"
}
]
}
},
{
"product_name": "SIMATIC WinCC V7.4",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V7.4 SP1 Upd 11"
}
]
}
},
{
"product_name": "SIMATIC WinCC V7.5",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V7.5 Upd 3"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions \u003c V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions \u003c V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions \u003c V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions \u003c V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions \u003c V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions \u003c V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions \u003c V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions \u003c V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions \u003c V7.5 Upd 3). An attacker with local access to the project file could cause a Denial-of-Service condition on the affected product while the project file is loaded. Successful exploitation requires access to the project file. An attacker could use the vulnerability to compromise availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-248: Uncaught Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-697412.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-08",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-08"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-10917",
"datePublished": "2019-05-14T19:54:48.000Z",
"dateReserved": "2019-04-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T22:40:15.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…