Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-28895 (GCVE-0-2020-28895)
Vulnerability from cvelistv5 – Published: 2021-02-03 15:16 – Updated: 2024-08-04 16:41
VLAI
EPSS
Title
integer overflow in calloc
Summary
In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
Severity
7.3 (High)
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://support2.windriver.com/index.php?page=def… | x_refsource_MISC |
| https://support2.windriver.com/index.php?page=cve… | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
Date Public
2020-12-14 00:00
Credits
Reported by Omri Ben Bassat <v-obenbassat@microsoft.com>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:41:00.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported by Omri Ben Bassat \u003cv-obenbassat@microsoft.com\u003e"
}
],
"datePublic": "2020-12-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:22:39.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "integer overflow in calloc",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28895",
"STATE": "PUBLIC",
"TITLE": "integer overflow in calloc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Reported by Omri Ben Bassat \u003cv-obenbassat@microsoft.com\u003e"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327",
"refsource": "MISC",
"url": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327"
},
{
"name": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895",
"refsource": "MISC",
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-28895",
"datePublished": "2021-02-03T15:16:34.000Z",
"dateReserved": "2020-11-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:41:00.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-28895",
"date": "2026-06-02",
"epss": "0.00333",
"percentile": "0.56364"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.9\", \"versionEndExcluding\": \"6.9.4.12\", \"matchCriteriaId\": \"2E27E761-92D8-4A67-8D23-213E0C7BFFC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:windriver:vxworks:6.9.4.12:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"69674D4D-2848-46BA-9367-7AA85EE2CD99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer1:*:*:*:*:*:*\", \"matchCriteriaId\": \"1052B8F5-1BC4-46B6-A8F1-F1BF9A40DDAF\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_eagle:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"46.8.0\", \"versionEndIncluding\": \"48.6.2\", \"matchCriteriaId\": \"1507EFE2-DA83-42D7-B075-91EE060B6B35\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_eagle:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"46.9.1\", \"versionEndIncluding\": \"46.9.3\", \"matchCriteriaId\": \"4143A5F6-CD91-4209-A52B-98854CCAC987\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_eagle:46.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FED9166-7A2A-453D-9792-7A6361CEF594\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.\"}, {\"lang\": \"es\", \"value\": \"En Wind River VxWorks, el asignador de memoria presenta un posible desbordamiento en el calculo del tama\\u00f1o del bloque de memoria que se asignar\\u00e1 por medio de la funci\\u00f3n calloc().\u0026#xa0;Como resultado, la memoria real asignada es menor que el tama\\u00f1o del b\\u00fafer especificado por los argumentos, conllevando a una corrupci\\u00f3n en la memoria\"}]",
"id": "CVE-2020-28895",
"lastModified": "2024-11-21T05:23:14.430",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"cve@mitre.org\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\", \"baseScore\": 7.3, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\", \"baseScore\": 7.3, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-02-03T16:15:13.633",
"references": "[{\"url\": \"https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327\", \"source\": \"cve@mitre.org\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-190\"}, {\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-28895\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-02-03T16:15:13.633\",\"lastModified\":\"2024-11-21T05:23:14.430\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.\"},{\"lang\":\"es\",\"value\":\"En Wind River VxWorks, el asignador de memoria presenta un posible desbordamiento en el calculo del tama\u00f1o del bloque de memoria que se asignar\u00e1 por medio de la funci\u00f3n calloc().\u0026#xa0;Como resultado, la memoria real asignada es menor que el tama\u00f1o del b\u00fafer especificado por los argumentos, conllevando a una corrupci\u00f3n en la memoria\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"},{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.9\",\"versionEndExcluding\":\"6.9.4.12\",\"matchCriteriaId\":\"2E27E761-92D8-4A67-8D23-213E0C7BFFC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:6.9.4.12:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"69674D4D-2848-46BA-9367-7AA85EE2CD99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1052B8F5-1BC4-46B6-A8F1-F1BF9A40DDAF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_eagle:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"46.8.0\",\"versionEndIncluding\":\"48.6.2\",\"matchCriteriaId\":\"1507EFE2-DA83-42D7-B075-91EE060B6B35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_eagle:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"46.9.1\",\"versionEndIncluding\":\"46.9.3\",\"matchCriteriaId\":\"4143A5F6-CD91-4209-A52B-98854CCAC987\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_eagle:46.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FED9166-7A2A-453D-9792-7A6361CEF594\"}]}]}],\"references\":[{\"url\":\"https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327\",\"source\":\"cve@mitre.org\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2022-AVI-546
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Schneider Electric | N/A | Schneider Electric C-Bus Network Automation Controller LSS5500SHAC versions antérieures à 1.11.0 | ||
| Schneider Electric | N/A | Clipsal C-Bus Network Automation Controller 5500SHAC versions antérieures à 1.11.0 | ||
| Schneider Electric | N/A | Conext ComBox toutes versions | ||
| Schneider Electric | N/A | SpaceLogic C-Bus Network Automation Controller 5500NAC2 versions antérieures à 1.11.0 | ||
| Schneider Electric | N/A | CanBRASS versions antérieures à 7.6 | ||
| Schneider Electric | N/A | StruxureWare Data Center Expert versions antérieures à 7.9.1 | ||
| N/A | N/A | EcoStruxure Power Commission versions antérieures à 2.22 | ||
| Schneider Electric | N/A | Smart-UPS SMT SMC, SMX, SRC, XU, XP, SURTD, CHS2 et SRTL Series toutes versions | ||
| Schneider Electric | N/A | EcoStruxure Cybersecurity Admin Expert (CAE) versions antérieures à 2.4 | ||
| Schneider Electric | N/A | IGSS Data Server versions antérieures à 15.0.0.22170 | ||
| Schneider Electric | N/A | Geo SCADA Mobile versions antérieures au Build 202205171 | ||
| Schneider Electric | N/A | Smart-UPS SRT Series versions antérieures à 15.0 | ||
| Schneider Electric | N/A | Schneider Electric C-Bus Network Automation Controller LSS5500NAC versions antérieures à 1.11.0 | ||
| Schneider Electric | N/A | EcoStruxure Power Build: Rapsody Software versions antérieures à 2.1.13 | ||
| Schneider Electric | N/A | EPC2000 versions antérieures à 4.03 | ||
| Schneider Electric | N/A | Versadac versions antérieures à 2.43 | ||
| Schneider Electric | N/A | Clipsal C-Bus Network Automation Controller 5500NAC versions antérieures à 1.11.0 | ||
| Schneider Electric | N/A | SCADAPack RemoteConnect pour x70 versions antérieures à R2.7.3 | ||
| Schneider Electric | N/A | SpaceLogic C-Bus Network Automation Controller 5500AC2 versions antérieures à 1.11.0 | ||
| Schneider Electric | N/A | Smart-UPS SCL Series versions antérieures à 15.1 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Schneider Electric C-Bus Network Automation Controller LSS5500SHAC versions ant\u00e9rieures \u00e0 1.11.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Clipsal C-Bus Network Automation Controller 5500SHAC versions ant\u00e9rieures \u00e0 1.11.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Conext ComBox toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "SpaceLogic C-Bus Network Automation Controller 5500NAC2 versions ant\u00e9rieures \u00e0 1.11.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "CanBRASS versions ant\u00e9rieures \u00e0 7.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "StruxureWare Data Center Expert versions ant\u00e9rieures \u00e0 7.9.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Power Commission versions ant\u00e9rieures \u00e0 2.22",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Smart-UPS SMT SMC, SMX, SRC, XU, XP, SURTD, CHS2 et SRTL Series toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Cybersecurity Admin Expert (CAE) versions ant\u00e9rieures \u00e0 2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "IGSS Data Server versions ant\u00e9rieures \u00e0 15.0.0.22170",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Geo SCADA Mobile versions ant\u00e9rieures au Build 202205171",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Smart-UPS SRT Series versions ant\u00e9rieures \u00e0 15.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Schneider Electric C-Bus Network Automation Controller LSS5500NAC versions ant\u00e9rieures \u00e0 1.11.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Power Build: Rapsody Software versions ant\u00e9rieures \u00e0 2.1.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EPC2000 versions ant\u00e9rieures \u00e0 4.03",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Versadac versions ant\u00e9rieures \u00e0 2.43",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Clipsal C-Bus Network Automation Controller 5500NAC versions ant\u00e9rieures \u00e0 1.11.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "SCADAPack RemoteConnect pour x70 versions ant\u00e9rieures \u00e0 R2.7.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "SpaceLogic C-Bus Network Automation Controller 5500AC2 versions ant\u00e9rieures \u00e0 1.11.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Smart-UPS SCL Series versions ant\u00e9rieures \u00e0 15.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-32524",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32524"
},
{
"name": "CVE-2022-24322",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24322"
},
{
"name": "CVE-2022-22731",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22731"
},
{
"name": "CVE-2022-32514",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32514"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2022-32517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32517"
},
{
"name": "CVE-2022-32526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32526"
},
{
"name": "CVE-2022-32530",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32530"
},
{
"name": "CVE-2022-32748",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32748"
},
{
"name": "CVE-2022-22806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22806"
},
{
"name": "CVE-2022-32529",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32529"
},
{
"name": "CVE-2022-32513",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32513"
},
{
"name": "CVE-2022-32747",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32747"
},
{
"name": "CVE-2022-32523",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32523"
},
{
"name": "CVE-2022-32528",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32528"
},
{
"name": "CVE-2022-32516",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32516"
},
{
"name": "CVE-2022-32522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32522"
},
{
"name": "CVE-2022-32527",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32527"
},
{
"name": "CVE-2022-32515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32515"
},
{
"name": "CVE-2021-22697",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22697"
},
{
"name": "CVE-2022-0715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0715"
},
{
"name": "CVE-2022-0223",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0223"
},
{
"name": "CVE-2022-32519",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32519"
},
{
"name": "CVE-2022-22805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22805"
},
{
"name": "CVE-2022-24323",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24323"
},
{
"name": "CVE-2022-32512",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32512"
},
{
"name": "CVE-2022-32518",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32518"
},
{
"name": "CVE-2022-22732",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22732"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2022-32520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32520"
},
{
"name": "CVE-2022-32525",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32525"
},
{
"name": "CVE-2021-22698",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22698"
},
{
"name": "CVE-2022-32521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32521"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-546",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-06-15T00:00:00.000000"
},
{
"description": "Modification de la version des produits IGSS Data Server",
"revision_date": "2022-06-23T00:00:00.000000"
},
{
"description": "Mise \u00e0 jour du lien du bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-02 du 08 mars 2022.",
"revision_date": "2022-08-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-02 du 08 mars 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-067-02_APC-Smart-UPS_Security_Notification_V6.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-07 du 14 juin 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-07_CanBRASS_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-06 du 14 juin 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-06_C-Bus_Home_Automation_Products_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-01 du 08 mars 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-067-01_EcoStruxure_Control_Expert_and_EcoStruxure_Process_Expert_Security_Notification_V2.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-02 du 14 juin 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-02_Geo_SCADA_Android_App_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-08 du 14 juin 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-08_Cybersecurity_Admin_Expert_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-012-02 du 12 janvier 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-012-02_EcoStruxure_Power_Build_Rapsody_Security_Notification_V2.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-04 du 14 juin 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-04_%20StruxureWare_Data_Center_Expert_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-01 du 14 juin 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-05 du 14 juin 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-05_EcoStruxure_Power_Commission_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 09 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification_V8.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-03 du 14 juin 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-03_ConextCombox_Security_Notification.pdf"
}
]
}
CERTFR-2022-AVI-717
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Eurotherm Data Reviewer3.0.2 software versions antérieures 4.0.0 | ||
| N/A | N/A | Modicon Momentum MDI (171CBU*) toutes versions | ||
| Schneider Electric | N/A | EcoStruxure Control Expert versions antérieures à 15.2 | ||
| Symfony | process | EcoStruxure Process Expert versions antérieures à 2021 | ||
| N/A | N/A | Modicon M580 CPU (BMEP* et BMEH*) versions antérieures à 4.01 | ||
| Schneider Electric | N/A | Legacy Modicon Quantum toutes versions | ||
| N/A | N/A | OPC UA Modicon Communication Module (BMENUA0100) versions antérieures à 2.01 | ||
| Schneider Electric | N/A | Modicon MC80 (BMKC80) toutes versions | ||
| Schneider Electric | Modicon M340 | Modicon M340 CPU (BMXP34*) versions antérieures 3.50 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Eurotherm Data Reviewer3.0.2 software versions ant\u00e9rieures 4.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon Momentum MDI (171CBU*) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EcoStruxure Control Expert versions ant\u00e9rieures \u00e0 15.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Process Expert versions ant\u00e9rieures \u00e0 2021",
"product": {
"name": "process",
"vendor": {
"name": "Symfony",
"scada": false
}
}
},
{
"description": "Modicon M580 CPU (BMEP* et BMEH*) versions ant\u00e9rieures \u00e0 4.01",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Legacy Modicon Quantum toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "OPC UA Modicon Communication Module (BMENUA0100) versions ant\u00e9rieures \u00e0 2.01",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon MC80 (BMKC80) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 CPU (BMXP34*) versions ant\u00e9rieures 3.50",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-6846",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6846"
},
{
"name": "CVE-2022-34760",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34760"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2021-22791",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22791"
},
{
"name": "CVE-2022-34762",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34762"
},
{
"name": "CVE-2019-6841",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6841"
},
{
"name": "CVE-2021-45105",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
},
{
"name": "CVE-2021-22779",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22779"
},
{
"name": "CVE-2021-22781",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22781"
},
{
"name": "CVE-2021-22780",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22780"
},
{
"name": "CVE-2021-4104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
},
{
"name": "CVE-2021-22790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22790"
},
{
"name": "CVE-2022-37302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37302"
},
{
"name": "CVE-2022-34761",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34761"
},
{
"name": "CVE-2022-34759",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34759"
},
{
"name": "CVE-2022-37301",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37301"
},
{
"name": "CVE-2018-7241",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7241"
},
{
"name": "CVE-2021-22786",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22786"
},
{
"name": "CVE-2018-7242",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7242"
},
{
"name": "CVE-2019-6844",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6844"
},
{
"name": "CVE-2019-6842",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6842"
},
{
"name": "CVE-2021-22782",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22782"
},
{
"name": "CVE-2021-22778",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22778"
},
{
"name": "CVE-2022-34764",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34764"
},
{
"name": "CVE-2022-34763",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34763"
},
{
"name": "CVE-2021-45046",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
},
{
"name": "CVE-2022-37300",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37300"
},
{
"name": "CVE-2021-22789",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22789"
},
{
"name": "CVE-2019-6847",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6847"
},
{
"name": "CVE-2022-34765",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34765"
},
{
"name": "CVE-2021-44228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"name": "CVE-2021-22792",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22792"
},
{
"name": "CVE-2019-6843",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6843"
},
{
"name": "CVE-2018-7240",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7240"
},
{
"name": "CVE-2011-4859",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4859"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2021-44832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
},
{
"name": "CVE-2020-12525",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12525"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-717",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-08-09T00:00:00.000000"
},
{
"description": "Mise \u00e0 jour des liens",
"revision_date": "2022-08-22T00:00:00.000000"
},
{
"description": "Mise \u00e0 jour des liens des bulletins de s\u00e9curit\u00e9 Schneider SEVD-2022-221-01, SEVD-2022-221-02 et SEVD-2022-221-04 du 9 ao\u00fbt 2022.",
"revision_date": "2022-09-08T00:00:00.000000"
},
{
"description": "Ajout du libell\u00e9 [SCADA] dans le titre.",
"revision_date": "2022-09-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SESB-2021-347-01 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SESB-2021-347-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SESB-2021-347-01_Apache_Log4j_Log4Shell_Vulnerabilities_Security_Notification_V14.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2019-281-02 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-281-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2019-281-02_Modicon_Controllers_Security_Notification_V3.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-01 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-01_EcoStruxure_Control_Expert_Modicon580_Security_Notification_V1.1.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-193-01 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-193-01_OPC_UA_X80_Advanced_RTU_Modicon_Communication_Modules_Security_Notification_V3.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification_V10.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-03 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-03_EcoStruxure_Control_Expert_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-02 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-02_Modicon_Controllers_Security_Notification_V1.1.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2018-081-01 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2018-081-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2018-081-01_Embedded_FTP_Servers_for_Modicon_PAC_Controllers_Security_Notification_V3.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-222-04 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-222-04_Modicon_PAC_Controllers_PLC_Simulator_Control_Expert_Process_Expert_Security_Notification_V2.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-01 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-194-01_EcoStruxure_Control_Expert_Process_Expert_SCADAPack_RemoteConnect_Modicon_M580_M340_Security_Notifcation_V4.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-04 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-04-Modicon_Controllers_Ethernet_Modules_Security_Notification_V1.1.pdf"
}
]
}
CERTFR-2022-AVI-815
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Modicon MC80 sans le correctif de sécurité BMKC8020301 | ||
| N/A | N/A | CANopen X80 Communication Module (BMECXM0100) toutes versions | ||
| Schneider Electric | N/A | Modicon MC80 (BMKC80) versions antérieures à 1.8 | ||
| Schneider Electric | N/A | Modicon MC80 Controller (BMKC8*) versions antérieures à 1.8 | ||
| Schneider Electric | Modicon M340 | Modicon M340 X80 Ethernet Communication Modules BMXNOE0110 (H) toutes versions | ||
| Schneider Electric | Modicon M340 | Modicon M340 X80 Ethernet Communication Modules BMXNOE0100 (H) toutes versions | ||
| N/A | N/A | EcoStruxure™ Control Expert version 15.1 sans le dernier correctif de sécurité | ||
| Schneider Electric | N/A | Modicon RTU BMXNOR0200H versions antérieures à 1.7 IR24 | ||
| Schneider Electric | Modicon M340 | Modicon M340 X80 Ethernet Communication Module BMXNOR0200H RTU versions antérieures à 1.7 IR24 | ||
| Schneider Electric | Modicon M340 | Modicon M340 Ethernet TCP/IP Network Module BMXNOC0401 versions antérieures à 2.11 | ||
| Schneider Electric | N/A | Profibus Remote Master (TCSEGPA23F14F) toutes versions | ||
| Schneider Electric | N/A | Lexium ILE ILA ILS Communication Drive versions antérieures à 01.110 | ||
| Schneider Electric | Modicon M340 | Modicon M340 X80 Ethernet Communication module BMXNOC0401 versions antérieures à version 2.11 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Modicon MC80 sans le correctif de s\u00e9curit\u00e9 BMKC8020301",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CANopen X80 Communication Module (BMECXM0100) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon MC80 (BMKC80) versions ant\u00e9rieures \u00e0 1.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon MC80 Controller (BMKC8*) versions ant\u00e9rieures \u00e0 1.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 X80 Ethernet Communication Modules BMXNOE0110 (H) toutes versions",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 X80 Ethernet Communication Modules BMXNOE0100 (H) toutes versions",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure\u2122 Control Expert version 15.1 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon RTU BMXNOR0200H versions ant\u00e9rieures \u00e0 1.7 IR24",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 X80 Ethernet Communication Module BMXNOR0200H RTU versions ant\u00e9rieures \u00e0 1.7 IR24",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 Ethernet TCP/IP Network Module BMXNOC0401 versions ant\u00e9rieures \u00e0 2.11",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Profibus Remote Master (TCSEGPA23F14F) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Lexium ILE ILA ILS Communication Drive versions ant\u00e9rieures \u00e0 01.110",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 X80 Ethernet Communication module BMXNOC0401 versions ant\u00e9rieures \u00e0 version 2.11",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-7564",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7564"
},
{
"name": "CVE-2020-7563",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7563"
},
{
"name": "CVE-2020-7535",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7535"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2020-7549",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7549"
},
{
"name": "CVE-2021-31401",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31401"
},
{
"name": "CVE-2022-37301",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37301"
},
{
"name": "CVE-2018-7241",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7241"
},
{
"name": "CVE-2022-0222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0222"
},
{
"name": "CVE-2018-7242",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7242"
},
{
"name": "CVE-2021-31400",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31400"
},
{
"name": "CVE-2021-22788",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22788"
},
{
"name": "CVE-2020-35685",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35685"
},
{
"name": "CVE-2020-7562",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7562"
},
{
"name": "CVE-2020-35683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35683"
},
{
"name": "CVE-2020-35684",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35684"
},
{
"name": "CVE-2020-7536",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7536"
},
{
"name": "CVE-2018-7857",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7857"
},
{
"name": "CVE-2019-6807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6807"
},
{
"name": "CVE-2018-7240",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7240"
},
{
"name": "CVE-2011-4859",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4859"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2021-22787",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22787"
},
{
"name": "CVE-2021-22785",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22785"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification_V11.0.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-257-02 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-257-02_Web_Server_Modicon_M340_Quantum_and_Premium_and_Communication_Modules_V2.0.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2018-081-01 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2018-081-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2018-081-01_Embedded_FTP_Servers_for_Modicon_PAC_Controllers_Security_Notification_V4.0.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-06 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-343-06\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2020-343-06_Web_Server_Modicon_M340_Premium_Quantum_Communication_Modules_Security_Notification_V2.0.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-07 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-343-07\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2020-343-07_SNMP_Service_Modicon_M340_CPU_Security_Notification_V2.1.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-217-01 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-217-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-217-01_NicheStack_Security_Notification_V3.0.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2019-134-11 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-134-11\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2019-134-11_Modicon_Controllers_Security_Notification_V7.0.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-02 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-02_Modicon_Controllers_Security_Notification_V2.0.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SESB-2019-214-01 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SESB-2019-214-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SESB-2019-214-01_Wind_River_VxWorks_Security_Bulletin_V2.14.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-315-01 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-315-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2020-315-01_Modicon_Web_Server_Security_Notification_V3.0.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-05 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-343-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2020-343-05-Web_Server_Modicon_M340_Premium_Quantum_Communication_Modules_Security_Notification_V2.1.pdf"
}
],
"reference": "CERTFR-2022-AVI-815",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-09-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-256-01 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-256-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-256-01-EcoStruxure_Machine_SCADA_ExpertPro-face_BLUE_Open_Studio_Security_Notification.pdf"
}
]
}
CERTFR-2023-AVI-0297
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Schneider Electric | N/A | Modicon M580 NOC Control (BMENOC0321) versions antérieures à 1.8 | ||
| Schneider Electric | N/A | PacDrive 3 Controllers LMC | ||
| Schneider Electric | N/A | Easergy Builder installer versions antérieures à V1.7.24 | ||
| Schneider Electric | N/A | Modicon Controller LMC058 | ||
| Schneider Electric | N/A | Modicon Controller M258 | ||
| Schneider Electric | N/A | Eco/Pro/Pro2 | ||
| Schneider Electric | N/A | Modicon M580 versions antérieures à SV4.10 | ||
| Schneider Electric | Modicon M340 | Modicon Modicon M340 CPU (part numbers BMXP34*) versions antérieures à SV3.51 | ||
| Schneider Electric | N/A | Modicon Controller M262 | ||
| Schneider Electric | N/A | PacDrive Controller LMC078 | ||
| Schneider Electric | N/A | Modicon Controller M241 | ||
| Schneider Electric | N/A | InsightHome, InsightFacility et Conext Gateway versions antérieures à 1.17 Build 079 | ||
| Schneider Electric | N/A | EcoStruxure Control Expert versions antérieures à V15.3 | ||
| Schneider Electric | N/A | Schneider Electric Easy UPS Online versions antérieures à 2.6-GS | ||
| Schneider Electric | N/A | Modicon Controller M218 | ||
| Schneider Electric | N/A | HMISCU Controller | ||
| Schneider Electric | N/A | Modicon Controller M251 | ||
| Schneider Electric | N/A | Easy Harmony ET6 (HMIET Series) et Easy Harmony GXU (HMIGXU Series) avec Vijeo Designer Basic versions antérieures à V1.2.1 Hotfix 4 | ||
| Schneider Electric | N/A | APC Easy UPS Online Monitoring versions antérieures à 2.6-GA | ||
| Schneider Electric | N/A | Modicon M580 Ethernet Communication Modules (BMENOC0301 et BMENOC0311) versions antérieures à SV2.21 | ||
| Schneider Electric | Modicon M340 | Modicon M340 CPU versions antérieures à SV3.51 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Modicon M580 NOC Control (BMENOC0321) versions ant\u00e9rieures \u00e0 1.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "PacDrive 3 Controllers LMC",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Easergy Builder installer versions ant\u00e9rieures \u00e0 V1.7.24",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Controller LMC058",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Controller M258",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Eco/Pro/Pro2",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M580 versions ant\u00e9rieures \u00e0 SV4.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Modicon M340 CPU (part numbers BMXP34*) versions ant\u00e9rieures \u00e0 SV3.51",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Controller M262",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "PacDrive Controller LMC078",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Controller M241",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "InsightHome, InsightFacility et Conext Gateway versions ant\u00e9rieures \u00e0 1.17 Build 079",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Control Expert versions ant\u00e9rieures \u00e0 V15.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Schneider Electric Easy UPS Online versions ant\u00e9rieures \u00e0 2.6-GS",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Controller M218",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "HMISCU Controller",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Controller M251",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Easy Harmony ET6 (HMIET Series) et Easy Harmony GXU (HMIGXU Series) avec Vijeo Designer Basic versions ant\u00e9rieures \u00e0 V1.2.1 Hotfix 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "APC Easy UPS Online Monitoring versions ant\u00e9rieures \u00e0 2.6-GA",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M580 Ethernet Communication Modules (BMENOC0301 et BMENOC0311) versions ant\u00e9rieures \u00e0 SV2.21",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 CPU versions ant\u00e9rieures \u00e0 SV3.51",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-29413",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29413"
},
{
"name": "CVE-2023-29410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29410"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2022-4046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4046"
},
{
"name": "CVE-2023-29412",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29412"
},
{
"name": "CVE-2023-27976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27976"
},
{
"name": "CVE-2022-34755",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34755"
},
{
"name": "CVE-2023-25620",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25620"
},
{
"name": "CVE-2023-1548",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1548"
},
{
"name": "CVE-2023-29411",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29411"
},
{
"name": "CVE-2023-28355",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28355"
},
{
"name": "CVE-2023-25619",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25619"
},
{
"name": "CVE-2022-45788",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45788"
},
{
"name": "CVE-2022-4224",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4224"
},
{
"name": "CVE-2021-29241",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29241"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0297",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2022-011-06 du 11 janvier 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-011-06_CODESYSV3_Runtime_Development_System_and_Gateway_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-05 du 11 avril 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-05.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-06 du 11 avril 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-06\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-06.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-04 du 11 avril 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-04.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-02 du 11 avril 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-02.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-03 du 11 avril 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-03.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-01 du 11 avril 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-01.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-010-05 du 10 janvier 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-313-05 du 09 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_BadAlloc_Vulnerabilities_Security_Notification.pdf"
}
]
}
CERTFR-2023-AVI-0298
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | Solid Edge SE2023 avec KeyShot 11 versions antérieures à V2023.1 | ||
| Siemens | N/A | TIA Portal V18 versions antérieures à V18 Update 1 | ||
| Siemens | N/A | TeleControl Server Basic V3 | ||
| Siemens | N/A | Polarion ALM versions antérieures à V2304.0 | ||
| Siemens | N/A | CP-8031 MASTER MODULE (6MF2803-1AA00) et CP-8050 MASTER MODULE (6MF2805-0AA00) versions antérieures à CPCI85 V05 | ||
| Siemens | N/A | TIA Portal V15, V16 et V17 | ||
| Siemens | N/A | JT2Go versions antérieures à V14.2.0.2 | ||
| Siemens | N/A | De nombreuses références SIPROTEC, SCALANCE, SIMATIC et SIPLUS, se référer aux bulletins de sécurité de l'éditeur pour la liste complète | ||
| Siemens | N/A | SIMATIC S7-400 PN/DP CPU family | ||
| Siemens | N/A | Teamcenter Visualization V13.2 versions antérieures à V13.2.0.13 | ||
| Siemens | N/A | Mendix Forgot Password (Mendix 8 compatible) versions antérieures à V4.1.1 | ||
| Siemens | N/A | Mendix Forgot Password (Mendix 9 compatible) versions antérieures à V5.1.1 | ||
| Siemens | N/A | SIMATIC CP 443-1 Advanced versions antérieures à V3.2.17 | ||
| Siemens | N/A | SIMATIC CP 343-1 Advanced versions antérieures à V3.0.53 | ||
| Siemens | N/A | Teamcenter Visualization V14.0 versions antérieures à V14.0.0.5 | ||
| Siemens | N/A | SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions antérieures à V2.2 | ||
| Siemens | N/A | JT Open versions antérieures à V11.3.2.0 | ||
| Siemens | N/A | Teamcenter Visualization V14.2 versions antérieures à V14.2.0.2 | ||
| Siemens | N/A | Mendix Forgot Password (Mendix 7 compatible) versions antérieures à V3.7.1 | ||
| Siemens | N/A | JT Utilities versions antérieures à V13.3.0.0 | ||
| Siemens | N/A | Teamcenter Visualization V13.3 versions antérieures à V13.3.0.9 | ||
| Siemens | N/A | OpenPCS 7 V9.1 | ||
| Siemens | N/A | SIMATIC S7-300 CPU family versions antérieures à V3.X.18 | ||
| Siemens | N/A | Teamcenter Visualization V14.1 versions antérieures à V14.1.0.7 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Solid Edge SE2023 avec KeyShot 11 versions ant\u00e9rieures \u00e0 V2023.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal V18 versions ant\u00e9rieures \u00e0 V18 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TeleControl Server Basic V3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Polarion ALM versions ant\u00e9rieures \u00e0 V2304.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CP-8031 MASTER MODULE (6MF2803-1AA00) et CP-8050 MASTER MODULE (6MF2805-0AA00) versions ant\u00e9rieures \u00e0 CPCI85 V05",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal V15, V16 et V17",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT2Go versions ant\u00e9rieures \u00e0 V14.2.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "De nombreuses r\u00e9f\u00e9rences SIPROTEC, SCALANCE, SIMATIC et SIPLUS, se r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour la liste compl\u00e8te",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 PN/DP CPU family",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V13.2 versions ant\u00e9rieures \u00e0 V13.2.0.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Forgot Password (Mendix 8 compatible) versions ant\u00e9rieures \u00e0 V4.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Forgot Password (Mendix 9 compatible) versions ant\u00e9rieures \u00e0 V5.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 443-1 Advanced versions ant\u00e9rieures \u00e0 V3.2.17",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 343-1 Advanced versions ant\u00e9rieures \u00e0 V3.0.53",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V14.0 versions ant\u00e9rieures \u00e0 V14.0.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions ant\u00e9rieures \u00e0 V2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT Open versions ant\u00e9rieures \u00e0 V11.3.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V14.2 versions ant\u00e9rieures \u00e0 V14.2.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Forgot Password (Mendix 7 compatible) versions ant\u00e9rieures \u00e0 V3.7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT Utilities versions ant\u00e9rieures \u00e0 V13.3.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V13.3 versions ant\u00e9rieures \u00e0 V13.3.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OpenPCS 7 V9.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-300 CPU family versions ant\u00e9rieures \u00e0 V3.X.18",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V14.1 versions ant\u00e9rieures \u00e0 V14.1.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2023-28828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28828"
},
{
"name": "CVE-2016-8673",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8673"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2023-28766",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28766"
},
{
"name": "CVE-2021-27044",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27044"
},
{
"name": "CVE-2022-1652",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1652"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2023-29053",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29053"
},
{
"name": "CVE-2023-28489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28489"
},
{
"name": "CVE-2022-43767",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43767"
},
{
"name": "CVE-2022-44725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44725"
},
{
"name": "CVE-2023-29054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29054"
},
{
"name": "CVE-2023-23588",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23588"
},
{
"name": "CVE-2021-46828",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46828"
},
{
"name": "CVE-2016-8672",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8672"
},
{
"name": "CVE-2023-26293",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26293"
},
{
"name": "CVE-2022-40674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
},
{
"name": "CVE-2022-43716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43716"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2022-1729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1729"
},
{
"name": "CVE-2022-43768",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43768"
},
{
"name": "CVE-2023-27464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27464"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2023-1709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1709"
},
{
"name": "CVE-2022-30065",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30065"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0298",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-699404 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-699404.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-479249 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-479249.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-572164 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-572164.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-691715 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-691715.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-511182 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-511182.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-566905 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-642810 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-642810.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-603476 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-603476.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-813746 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-813746.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-629917 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-629917.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-558014 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-558014.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-322980 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-322980.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-116924 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-116924.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-632164 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-632164.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-472454 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-472454.html"
}
]
}
CERTFR-2023-AVI-0363
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | OPC Factory Server (OFS) versions antérieures à V3.63SP2 | ||
| N/A | N/A | Modicon X80 Module (part number BMXNOM0200) versions antérieures à V1.60 | ||
| N/A | N/A | PowerLogic PM8000 antérieures à 4.0.0 sans le dernier correctif de sécurité | ||
| N/A | N/A | PowerLogic ION7400 antérieures à 4.0.0 sans le dernier correctif de sécurité | ||
| N/A | N/A | EcoStruxure Power Operation versions 2022 antérieures à 2022 CU1 | ||
| N/A | N/A | EcoStruxure Power Operation versions 2021 antérieures à 2021 CU3 | ||
| N/A | N/A | Produits Legacy ION toutes versions | ||
| N/A | N/A | PowerLogic ION9000 antérieures à 4.0.0 sans le dernier correctif de sécurité | ||
| N/A | N/A | Power SCADA Anywhere versions 1.1 et 1.2 antérieures à Plant SCADA Anywhere version 2023 | ||
| N/A | N/A | PowerLogic ION8650 toutes versions | ||
| N/A | N/A | Altivar 32/320 et Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions antérieures à V1.20IE01 | ||
| N/A | N/A | EcoStruxure Power SCADA Operation versions 2020 R2 | ||
| N/A | N/A | PowerLogic ION8800 toutes versions |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OPC Factory Server (OFS) versions ant\u00e9rieures \u00e0 V3.63SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon X80 Module (part number BMXNOM0200) versions ant\u00e9rieures \u00e0 V1.60",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "PowerLogic PM8000 ant\u00e9rieures \u00e0 4.0.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "PowerLogic ION7400 ant\u00e9rieures \u00e0 4.0.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EcoStruxure Power Operation versions 2022 ant\u00e9rieures \u00e0 2022 CU1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EcoStruxure Power Operation versions 2021 ant\u00e9rieures \u00e0 2021 CU3",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Produits Legacy ION toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "PowerLogic ION9000 ant\u00e9rieures \u00e0 4.0.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Power SCADA Anywhere versions 1.1 et 1.2 ant\u00e9rieures \u00e0 Plant SCADA Anywhere version 2023",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "PowerLogic ION8650 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Altivar 32/320 et Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions ant\u00e9rieures \u00e0 V1.20IE01",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EcoStruxure Power SCADA Operation versions 2020 R2",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "PowerLogic ION8800 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-23854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23854"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2022-46680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46680"
},
{
"name": "CVE-2021-31401",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31401"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2021-31400",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31400"
},
{
"name": "CVE-2023-1256",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1256"
},
{
"name": "CVE-2020-35685",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35685"
},
{
"name": "CVE-2020-35683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35683"
},
{
"name": "CVE-2020-35684",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35684"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2023-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2161"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0363",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-09T00:00:00.000000"
},
{
"description": "Ajout des num\u00e9ros de CVE manquants",
"revision_date": "2023-05-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une\nex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2023-129-01 du 9 mai 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-129-01.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-217-01 du 05 ao\u00fbt 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-217-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-217-01_NicheStack_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2023-129-03 du 9 mai 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-129-03.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2023-129-04 du 9 mai 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-129-04.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2023-129-02 du 9 mai 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-129-02.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 09 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_BadAlloc_Vulnerabilities_Security_Notification.pdf"
}
]
}
FKIE_CVE-2020-28895
Vulnerability from fkie_nvd - Published: 2021-02-03 16:15 - Updated: 2024-11-21 05:23
Severity
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-28895 | Vendor Advisory | |
| cve@mitre.org | https://support2.windriver.com/index.php?page=defects&on=view&id=V7LIBC-1327 | Permissions Required | |
| cve@mitre.org | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-28895 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support2.windriver.com/index.php?page=defects&on=view&id=V7LIBC-1327 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| windriver | vxworks | * | |
| windriver | vxworks | 6.9.4.12 | |
| windriver | vxworks | 6.9.4.12 | |
| oracle | communications_eagle | * | |
| oracle | communications_eagle | * | |
| oracle | communications_eagle | 46.7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E27E761-92D8-4A67-8D23-213E0C7BFFC6",
"versionEndExcluding": "6.9.4.12",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:windriver:vxworks:6.9.4.12:-:*:*:*:*:*:*",
"matchCriteriaId": "69674D4D-2848-46BA-9367-7AA85EE2CD99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer1:*:*:*:*:*:*",
"matchCriteriaId": "1052B8F5-1BC4-46B6-A8F1-F1BF9A40DDAF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_eagle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1507EFE2-DA83-42D7-B075-91EE060B6B35",
"versionEndIncluding": "48.6.2",
"versionStartIncluding": "46.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_eagle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4143A5F6-CD91-4209-A52B-98854CCAC987",
"versionEndIncluding": "46.9.3",
"versionStartIncluding": "46.9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_eagle:46.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FED9166-7A2A-453D-9792-7A6361CEF594",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption."
},
{
"lang": "es",
"value": "En Wind River VxWorks, el asignador de memoria presenta un posible desbordamiento en el calculo del tama\u00f1o del bloque de memoria que se asignar\u00e1 por medio de la funci\u00f3n calloc().\u0026#xa0;Como resultado, la memoria real asignada es menor que el tama\u00f1o del b\u00fafer especificado por los argumentos, conllevando a una corrupci\u00f3n en la memoria"
}
],
"id": "CVE-2020-28895",
"lastModified": "2024-11-21T05:23:14.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-03T16:15:13.633",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-5WMW-M5W7-7M5M
Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40
VLAI
Details
In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
Severity
7.3 (High)
{
"affected": [],
"aliases": [
"CVE-2020-28895"
],
"database_specific": {
"cwe_ids": [
"CWE-120",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-03T16:15:00Z",
"severity": "CRITICAL"
},
"details": "In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.",
"id": "GHSA-5wmw-m5w7-7m5m",
"modified": "2022-05-24T17:40:47Z",
"published": "2022-05-24T17:40:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28895"
},
{
"type": "WEB",
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895"
},
{
"type": "WEB",
"url": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GSD-2020-28895
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-28895",
"description": "In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.",
"id": "GSD-2020-28895"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-28895"
],
"details": "In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.",
"id": "GSD-2020-28895",
"modified": "2023-12-13T01:22:01.834660Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28895",
"STATE": "PUBLIC",
"TITLE": "integer overflow in calloc"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Reported by Omri Ben Bassat \u003cv-obenbassat@microsoft.com\u003e"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327",
"refsource": "MISC",
"url": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327"
},
{
"name": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895",
"refsource": "MISC",
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.9.4.12",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:6.9.4.12:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_eagle:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "46.9.3",
"versionStartIncluding": "46.9.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_eagle:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "48.6.2",
"versionStartIncluding": "46.8.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_eagle:46.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-28895"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
},
{
"lang": "en",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895"
},
{
"name": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327",
"refsource": "MISC",
"tags": [
"Permissions Required"
],
"url": "https://support2.windriver.com/index.php?page=defects\u0026on=view\u0026id=V7LIBC-1327"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
},
"lastModifiedDate": "2022-05-12T14:33Z",
"publishedDate": "2021-02-03T16:15Z"
}
}
}
ICSA-21-119-04
Vulnerability from csaf_cisa - Published: 2021-04-29 00:00 - Updated: 2022-04-19 00:00Summary
Multiple RTOS (Update E)
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities could result in unexpected behavior such as a crash or a remote code injection/execution.
Critical infrastructure sectors: Multiple
Countries/areas deployed: Worldwide
Company headquarters location: Multiple
Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability: No known public exploits specifically target these vulnerabilities.
7.3 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.3 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.3 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.3 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.3 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
CWE-190
- Integer Overflow or Wraparound
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.3 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.3 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.3 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.3 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.3 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
4.6 (Medium)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
9.8 (Critical)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.3 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.3 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.3 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.4 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.4 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.4 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
7.4 (High)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
6.5 (Medium)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
6.5 (Medium)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
6.9 (Medium)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
9.0 (Critical)
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier
multiple / BlackBerry QNX SDP
|
<= 6.5.0 SP1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
TencentOS-tiny: Version 3.1.0
multiple / TencentOS-tiny
|
3.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Google Cloud IoT Device SDK: Version 1.0.2
multiple / Google Cloud IoT Device SDK
|
1.0.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC26XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink: MSP432E4XX
multiple / Texas Instruments SimpleLink
|
MSP432E4XX |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262
multiple / BlackBerry QNX OS for Safety
|
<= 1.0.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304
multiple / BlackBerry QNX OS for Medical
|
<= 1.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM CMSIS-RTOS2: versions prior to 2.1.3
multiple / ARM CMSIS-RTOS2
|
< 2.1.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Redhat newlib: versions prior to 4.0.0
multiple / Redhat newlib
|
< 4.0.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Apache Nuttx OS: Version 9.1.0
multiple / Apache Nuttx OS
|
9.1.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3
multiple / eCosCentric eCosPro RTOS
|
>= 2.0.1 | <= 4.5.3 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
RIOT OS: Version 2020.01.1
multiple / RIOT OS
|
2020.01.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM Mbed OS: Version 6.3.0
multiple / ARM Mbed OS
|
6.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments CC32XX: versions prior to 4.40.00.07
multiple / Texas Instruments CC32XX
|
< 4.40.00.07 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03
multiple / Texas Instruments SimpleLink-CC32XX
|
< 4.10.03 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Windriver VxWorks: prior to 7.0
multiple / Windriver VxWorks
|
< 7.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Amazon FreeRTOS: Version 10.4.1
multiple / Amazon FreeRTOS
|
10.4.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Samsung Tizen RT RTOS: versions prior 3.0.GBB
multiple / Samsung Tizen RT RTOS
|
< 3.0.GBB |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MCUXpresso SDK: versions prior to 2.8.2
multiple / NXP MCUXpresso SDK
|
< 2.8.2 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Cesanta Software Mongoose OS: v2.17.0
multiple / Cesanta Software Mongoose OS
|
2.17.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00
multiple / Micrium uC/OS
|
1.38.xx | 1.39.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Micrium OS: Versions 5.10.1 and prior
multiple / Micrium OS
|
<= 5.10.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00
multiple / Texas Instruments SimpleLink-CC13XX
|
< 4.40.00 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Media Tek LinkIt SDK: versions prior to 4.6.1
multiple / Media Tek LinkIt SDK
|
< 4.6.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Uclibc-NG: versions prior to 1.0.36
multiple / Uclibc-NG
|
< 1.0.36 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
Zephyr Project RTOS: versions prior to 2.5
multiple / Zephyr Project RTOS
|
< 2.5 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
NXP MQX: Versions 5.1 and prior
multiple / NXP MQX
|
<= 5.1 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
|
|
ARM mbed-ualloc: Version 1.3.0
multiple / ARM mbed-ualloc
|
1.3.0 |
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
Mitigation
fix
|
References
39 references
| URL | Category |
|---|---|
| https://raw.githubusercontent.com/cisagov/CSAF/de… | self |
| https://www.cisa.gov/news-events/ics-advisories/i… | self |
| https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01 | external |
| https://us-cert.cisa.gov/sites/default/files/reco… | external |
| https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
Acknowledgments
Microsoft Section 52
David Atch
Omri Ben Bassat
Tamir Ariel
the Azure Defender for IoT research group
{
"document": {
"acknowledgments": [
{
"names": [
"David Atch",
"Omri Ben Bassat",
"Tamir Ariel"
],
"organization": "Microsoft Section 52",
"summary": "reporting these vulnerabilities to CISA"
},
{
"organization": "the Azure Defender for IoT research group",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could result in unexpected behavior such as a crash or a remote code injection/execution.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Multiple",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-21-119-04 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-119-04.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-119-04 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Multiple RTOS (Update E)",
"tracking": {
"current_release_date": "2022-04-19T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-119-04",
"initial_release_date": "2021-04-29T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-04-29T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-21-119-04 Multiple RTOS"
},
{
"date": "2021-05-06T00:00:00.000000Z",
"legacy_version": "A",
"number": "2",
"summary": "ICSA-21-119-04 Multiple RTOS (Update A)"
},
{
"date": "2021-05-20T00:00:00.000000Z",
"legacy_version": "B",
"number": "3",
"summary": "ICSA-21-119-04 Multiple RTOS (Update B)"
},
{
"date": "2021-08-17T00:00:00.000000Z",
"legacy_version": "C",
"number": "4",
"summary": "ICSA-21-119-04 Multiple RTOS (Update C)"
},
{
"date": "2021-11-30T00:00:00.000000Z",
"legacy_version": "D",
"number": "5",
"summary": "ICSA-21-119-04 Multiple RTOS (Update D)"
},
{
"date": "2022-04-19T00:00:00.000000Z",
"legacy_version": "E",
"number": "6",
"summary": "ICSA-21-119-04 Multiple RTOS (Update E)"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 6.5.0 SP1",
"product": {
"name": "BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "BlackBerry QNX SDP"
},
{
"branches": [
{
"category": "product_version",
"name": "3.1.0",
"product": {
"name": "TencentOS-tiny: Version 3.1.0",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "TencentOS-tiny"
},
{
"branches": [
{
"category": "product_version",
"name": "1.0.2",
"product": {
"name": "Google Cloud IoT Device SDK: Version 1.0.2",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Google Cloud IoT Device SDK"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.40.00",
"product": {
"name": "Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Texas Instruments SimpleLink-CC26XX"
},
{
"branches": [
{
"category": "product_version",
"name": "MSP432E4XX",
"product": {
"name": "Texas Instruments SimpleLink: MSP432E4XX",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "Texas Instruments SimpleLink"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.0.1",
"product": {
"name": "BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "BlackBerry QNX OS for Safety"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.1",
"product": {
"name": "BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "BlackBerry QNX OS for Medical"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 2.1.3",
"product": {
"name": "ARM CMSIS-RTOS2: versions prior to 2.1.3",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "ARM CMSIS-RTOS2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.0.0",
"product": {
"name": "Redhat newlib: versions prior to 4.0.0",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "Redhat newlib"
},
{
"branches": [
{
"category": "product_version",
"name": "9.1.0",
"product": {
"name": "Apache Nuttx OS: Version 9.1.0",
"product_id": "CSAFPID-00010"
}
}
],
"category": "product_name",
"name": "Apache Nuttx OS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= 2.0.1 | \u003c= 4.5.3",
"product": {
"name": "eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3",
"product_id": "CSAFPID-00011"
}
}
],
"category": "product_name",
"name": "eCosCentric eCosPro RTOS"
},
{
"branches": [
{
"category": "product_version",
"name": "2020.01.1",
"product": {
"name": "RIOT OS: Version 2020.01.1",
"product_id": "CSAFPID-00012"
}
}
],
"category": "product_name",
"name": "RIOT OS"
},
{
"branches": [
{
"category": "product_version",
"name": "6.3.0",
"product": {
"name": "ARM Mbed OS: Version 6.3.0",
"product_id": "CSAFPID-00013"
}
}
],
"category": "product_name",
"name": "ARM Mbed OS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.40.00.07",
"product": {
"name": "Texas Instruments CC32XX: versions prior to 4.40.00.07",
"product_id": "CSAFPID-00014"
}
}
],
"category": "product_name",
"name": "Texas Instruments CC32XX"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.10.03",
"product": {
"name": "Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03",
"product_id": "CSAFPID-00015"
}
}
],
"category": "product_name",
"name": "Texas Instruments SimpleLink-CC32XX"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 7.0",
"product": {
"name": "Windriver VxWorks: prior to 7.0",
"product_id": "CSAFPID-00016"
}
}
],
"category": "product_name",
"name": "Windriver VxWorks"
},
{
"branches": [
{
"category": "product_version",
"name": "10.4.1",
"product": {
"name": "Amazon FreeRTOS: Version 10.4.1",
"product_id": "CSAFPID-00017"
}
}
],
"category": "product_name",
"name": "Amazon FreeRTOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 3.0.GBB",
"product": {
"name": "Samsung Tizen RT RTOS: versions prior 3.0.GBB",
"product_id": "CSAFPID-00018"
}
}
],
"category": "product_name",
"name": "Samsung Tizen RT RTOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 2.8.2",
"product": {
"name": "NXP MCUXpresso SDK: versions prior to 2.8.2",
"product_id": "CSAFPID-00019"
}
}
],
"category": "product_name",
"name": "NXP MCUXpresso SDK"
},
{
"branches": [
{
"category": "product_version",
"name": "2.17.0",
"product": {
"name": "Cesanta Software Mongoose OS: v2.17.0",
"product_id": "CSAFPID-00020"
}
}
],
"category": "product_name",
"name": "Cesanta Software Mongoose OS"
},
{
"branches": [
{
"category": "product_version",
"name": "1.38.xx | 1.39.00",
"product": {
"name": "Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00",
"product_id": "CSAFPID-00021"
}
}
],
"category": "product_name",
"name": "Micrium uC/OS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.10.1",
"product": {
"name": "Micrium OS: Versions 5.10.1 and prior",
"product_id": "CSAFPID-00022"
}
}
],
"category": "product_name",
"name": "Micrium OS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.40.00",
"product": {
"name": "Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00",
"product_id": "CSAFPID-00023"
}
}
],
"category": "product_name",
"name": "Texas Instruments SimpleLink-CC13XX"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.6.1",
"product": {
"name": "Media Tek LinkIt SDK: versions prior to 4.6.1",
"product_id": "CSAFPID-00024"
}
}
],
"category": "product_name",
"name": "Media Tek LinkIt SDK"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 1.0.36",
"product": {
"name": "Uclibc-NG: versions prior to 1.0.36",
"product_id": "CSAFPID-00025"
}
}
],
"category": "product_name",
"name": "Uclibc-NG"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 2.5",
"product": {
"name": "Zephyr Project RTOS: versions prior to 2.5",
"product_id": "CSAFPID-00026"
}
}
],
"category": "product_name",
"name": "Zephyr Project RTOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.1",
"product": {
"name": "NXP MQX: Versions 5.1 and prior",
"product_id": "CSAFPID-00027"
}
}
],
"category": "product_name",
"name": "NXP MQX"
},
{
"branches": [
{
"category": "product_version",
"name": "1.3.0",
"product": {
"name": "ARM mbed-ualloc: Version 1.3.0",
"product_id": "CSAFPID-00028"
}
}
],
"category": "product_name",
"name": "ARM mbed-ualloc"
}
],
"category": "vendor",
"name": "multiple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-30636",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Media Tek LinkIt SDK versions prior to 4.6.1 is vulnerable to integer overflow in memory allocation calls pvPortCalloc(calloc) and pvPortRealloc(realloc), which can lead to memory corruption on the target device.CVE-2021-30636 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30636"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27431",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution.CVE-2021-27431 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27431"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27433",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "ARM mbed-ualloc memory library Version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-27433 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27433"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27435",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-27435 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27435"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27427",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "RIOT OS Versions 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-27427 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27427"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-22684",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Samsung Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in functions_calloc and mm_zalloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash.CVE-2021-22684 has been assigned to this vulnerability. A CVSS v3 base score of 3.2 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22684"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27439",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "TencentOS-tiny Version 3.1.0 is vulnerable to integer wrap-around in function \u0027tos_mmheap_alloc incorrect calculation of effective memory allocation size. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-27439 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27439"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27425",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-27425 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27425"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-26461",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Apache Nuttx OS Version 9.1.0 is vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-26461 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26461"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2020-35198",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Wind River VxWorks several versions prior to 7.0 firmware are vulnerable to weaknesses found in the following functions; calloc(memLib), mmap/mmap64 (mmanLib), cacheDmaMalloc(cacheLib) and cacheArchDmaMalloc(cacheArchLib). This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2020-35198 and CVE-2020-28895 have been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35198"
},
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28895"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2020-28895",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Amazon FreeRTOS Version 10.4.1 is vulnerable to integer wrap-around in multiple memory management API functions (MemMang, Queue, StreamBuffer). This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-31571 and CVE-2021-31572 have been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31571"
},
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31572"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-31571",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow.CVE-2021-27417 has been assigned to this vulnerability. A CVSS v3 base score of 4.6 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27417"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-31572",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Redhat newlib versions prior to 4.0.0 are vulnerable to integer wrap-around in malloc and nano-malloc family routines (memalign, valloc, pvalloc, nano_memalign, nano_valloc, nano_pvalloc) due to insufficient checking in memory alignment logic. This insufficient checking can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-3420 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3420"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27417",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer overflow in SDK_Malloc function, which could allow to access memory locations outside the bounds of a specified array, leading to unexpected behavior such segmentation fault when assigning a particular block of memory from the heap via malloc.CVE-2021-27421 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27421"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-3420",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in mem_alloc, _lwmem_alloc and _partition functions. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-22680 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22680"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27421",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-27419 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27419"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-22680",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Texas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values. This can trigger an integer overflow vulnerability in \u0027HeapTrack_alloc\u0027 and result in code execution.CVE-2021-27429 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27429"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27419",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Texas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in \u0027malloc\u0027 and result in code execution.CVE-2021-22636 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22636"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27429",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Texas Instruments devices running FREERTOS, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in \u0027malloc\u0027 for FreeRTOS, resulting in code execution.CVE-2021-27504 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27504"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-22636",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Texas Instruments TI-RTOS, when configured to use HeapMem heap(default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in \u0027HeapMem_allocUnprotected\u0027 and result in code execution.CVE-2021-27502 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27502"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27504",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Google Cloud IoT Device SDK Version 1.0.2 is vulnerable to heap overflow due to integer overflow in its implementation of calloc, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or code execution. Google PSIRT will assign a CVE. CVSS score will be calculated when a CVE has been assigned.CVE-2021-27411 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27411"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27502",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as very small blocks of memory being allocated instead of very large ones.CVE-2021-26706 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26706"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27411",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Micrium uC/OS: uC/LIB Versions 1.38.xx, 1.39.00 are vulnerable to integer wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as very small blocks of memory being allocated instead of very large ones.CVE-2020-13603 has been assigned to this vulnerability. A CVSS v3 base score of 6.9 has been calculated; the CVSS vector string is (AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13603"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-26706",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Zephyr Project RTOS versions prior to 2.5 are vulnerable to integer wrap-around sys_mem_pool_alloc function, which can lead to arbitrary memory allocation resulting in unexpected behavior such as a crash or code execution.CVE-2021-22156 has been assigned to this vulnerability. A CVSS v3 base score of 9.0 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22156"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…