Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-49069 (GCVE-0-2023-49069)
Vulnerability from cvelistv5 – Published: 2024-09-10 09:36 – Updated: 2025-01-14 10:29
VLAI
EPSS
Summary
A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.17.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.11 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.19 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions < V8.18.33 only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions < V9.24.31 only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames.
Severity
5.3 (Medium)
CWE
- CWE-204 - Observable Response Discrepancy
Assigner
References
1 reference
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | Mendix Runtime V10 |
Affected:
0 , < V10.17.0
(custom)
|
|
| Siemens | Mendix Runtime V10.12 |
Affected:
0 , < V10.12.11
(custom)
|
|
| Siemens | Mendix Runtime V10.6 |
Affected:
0 , < V10.6.19
(custom)
|
|
| Siemens | Mendix Runtime V8 |
Affected:
0 , < V8.18.33
(custom)
|
|
| Siemens | Mendix Runtime V9 |
Affected:
0 , < V9.24.31
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mendix",
"vendor": "siemens",
"versions": [
{
"lessThan": "9.24.26",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "10.6.12",
"status": "affected",
"version": "10.0",
"versionType": "custom"
},
{
"lessThan": "10.12.2",
"status": "affected",
"version": "10.7",
"versionType": "custom"
},
{
"lessThan": "10.14.0",
"status": "affected",
"version": "10.13",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49069",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T18:35:09.531765Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T18:39:46.492Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Mendix Runtime V10",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V10.17.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Runtime V10.12",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V10.12.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Runtime V10.6",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V10.6.19",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Runtime V8",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.18.33",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Mendix Runtime V9",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.24.31",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Mendix Runtime V10 (All versions \u003c V10.17.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions \u003c V10.12.11 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions \u003c V10.6.19 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions \u003c V8.18.33 only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions \u003c V9.24.31 only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204: Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T10:29:57.002Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-097435.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-49069",
"datePublished": "2024-09-10T09:36:25.399Z",
"dateReserved": "2023-11-21T11:51:19.666Z",
"dateUpdated": "2025-01-14T10:29:57.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-49069",
"date": "2026-05-27",
"epss": "0.0035",
"percentile": "0.57593"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in Mendix Runtime V10 (All versions \u003c V10.17.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions \u003c V10.12.11 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions \u003c V10.6.19 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions \u003c V8.18.33 only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions \u003c V9.24.31 only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames.\"}, {\"lang\": \"es\", \"value\": \"Se ha identificado una vulnerabilidad en Mendix Runtime V10 (todas las versiones anteriores a la V10.14.0, solo si la aplicaci\\u00f3n utiliza el mecanismo de autenticaci\\u00f3n b\\u00e1sico), Mendix Runtime V10.12 (todas las versiones anteriores a la V10.12.2, solo si la aplicaci\\u00f3n utiliza el mecanismo de autenticaci\\u00f3n b\\u00e1sico), Mendix Runtime V10.6 (todas las versiones anteriores a la V10.6.12, solo si la aplicaci\\u00f3n utiliza el mecanismo de autenticaci\\u00f3n b\\u00e1sico), Mendix Runtime V8 (todas las versiones solo si la aplicaci\\u00f3n utiliza el mecanismo de autenticaci\\u00f3n b\\u00e1sico) y Mendix Runtime V9 (todas las versiones anteriores a la V9.24.26, solo si la aplicaci\\u00f3n utiliza el mecanismo de autenticaci\\u00f3n b\\u00e1sico). El mecanismo de autenticaci\\u00f3n de las aplicaciones afectadas contiene una vulnerabilidad de discrepancia de respuesta observable al validar nombres de usuario. Esto podr\\u00eda permitir que atacantes remotos no autenticados distingan entre nombres de usuario v\\u00e1lidos e inv\\u00e1lidos.\"}]",
"id": "CVE-2023-49069",
"lastModified": "2025-01-14T11:15:14.827",
"metrics": "{\"cvssMetricV40\": [{\"source\": \"productcert@siemens.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"4.0\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\", \"baseScore\": 6.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"vulnerableSystemConfidentiality\": \"LOW\", \"vulnerableSystemIntegrity\": \"NONE\", \"vulnerableSystemAvailability\": \"NONE\", \"subsequentSystemConfidentiality\": \"NONE\", \"subsequentSystemIntegrity\": \"NONE\", \"subsequentSystemAvailability\": \"NONE\", \"exploitMaturity\": \"NOT_DEFINED\", \"confidentialityRequirements\": \"NOT_DEFINED\", \"integrityRequirements\": \"NOT_DEFINED\", \"availabilityRequirements\": \"NOT_DEFINED\", \"modifiedAttackVector\": \"NOT_DEFINED\", \"modifiedAttackComplexity\": \"NOT_DEFINED\", \"modifiedAttackRequirements\": \"NOT_DEFINED\", \"modifiedPrivilegesRequired\": \"NOT_DEFINED\", \"modifiedUserInteraction\": \"NOT_DEFINED\", \"modifiedVulnerableSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedVulnerableSystemIntegrity\": \"NOT_DEFINED\", \"modifiedVulnerableSystemAvailability\": \"NOT_DEFINED\", \"modifiedSubsequentSystemConfidentiality\": \"NOT_DEFINED\", \"modifiedSubsequentSystemIntegrity\": \"NOT_DEFINED\", \"modifiedSubsequentSystemAvailability\": \"NOT_DEFINED\", \"safety\": \"NOT_DEFINED\", \"automatable\": \"NOT_DEFINED\", \"recovery\": \"NOT_DEFINED\", \"valueDensity\": \"NOT_DEFINED\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\"}}], \"cvssMetricV31\": [{\"source\": \"productcert@siemens.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
"published": "2024-09-10T10:15:08.947",
"references": "[{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-097435.html\", \"source\": \"productcert@siemens.com\"}]",
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"productcert@siemens.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-204\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-49069\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2024-09-10T10:15:08.947\",\"lastModified\":\"2025-01-14T11:15:14.827\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in Mendix Runtime V10 (All versions \u003c V10.17.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions \u003c V10.12.11 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions \u003c V10.6.19 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions \u003c V8.18.33 only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions \u003c V9.24.31 only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en Mendix Runtime V10 (todas las versiones anteriores a la V10.14.0, solo si la aplicaci\u00f3n utiliza el mecanismo de autenticaci\u00f3n b\u00e1sico), Mendix Runtime V10.12 (todas las versiones anteriores a la V10.12.2, solo si la aplicaci\u00f3n utiliza el mecanismo de autenticaci\u00f3n b\u00e1sico), Mendix Runtime V10.6 (todas las versiones anteriores a la V10.6.12, solo si la aplicaci\u00f3n utiliza el mecanismo de autenticaci\u00f3n b\u00e1sico), Mendix Runtime V8 (todas las versiones solo si la aplicaci\u00f3n utiliza el mecanismo de autenticaci\u00f3n b\u00e1sico) y Mendix Runtime V9 (todas las versiones anteriores a la V9.24.26, solo si la aplicaci\u00f3n utiliza el mecanismo de autenticaci\u00f3n b\u00e1sico). El mecanismo de autenticaci\u00f3n de las aplicaciones afectadas contiene una vulnerabilidad de discrepancia de respuesta observable al validar nombres de usuario. Esto podr\u00eda permitir que atacantes remotos no autenticados distingan entre nombres de usuario v\u00e1lidos e inv\u00e1lidos.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-204\"}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-097435.html\",\"source\":\"productcert@siemens.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-49069\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-10T18:35:09.531765Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:siemens:mendix:*:*:*:*:*:*:*:*\"], \"vendor\": \"siemens\", \"product\": \"mendix\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0\", \"lessThan\": \"9.24.26\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"10.0\", \"lessThan\": \"10.6.12\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"10.7\", \"lessThan\": \"10.12.2\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"10.13\", \"lessThan\": \"10.14.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-10T18:39:32.080Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\"}}, {\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 6.9, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N\"}}], \"affected\": [{\"vendor\": \"Siemens\", \"product\": \"Mendix Runtime V10\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V10.17.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Mendix Runtime V10.12\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V10.12.11\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Mendix Runtime V10.6\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V10.6.19\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Mendix Runtime V8\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V8.18.33\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Mendix Runtime V9\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V9.24.31\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-097435.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in Mendix Runtime V10 (All versions \u003c V10.17.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions \u003c V10.12.11 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions \u003c V10.6.19 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions \u003c V8.18.33 only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions \u003c V9.24.31 only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-204\", \"description\": \"CWE-204: Observable Response Discrepancy\"}]}], \"providerMetadata\": {\"orgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"shortName\": \"siemens\", \"dateUpdated\": \"2025-01-14T10:29:57.002Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-49069\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-14T10:29:57.002Z\", \"dateReserved\": \"2023-11-21T11:51:19.666Z\", \"assignerOrgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"datePublished\": \"2024-09-10T09:36:25.399Z\", \"assignerShortName\": \"siemens\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CNVD-2024-38024
Vulnerability from cnvd - Published: 2024-09-12
VLAI
Title
Siemens Mendix Runtime信息泄露漏洞
Description
Siemens Mendix是德国西门子(Siemens)公司的一套低代码应用程序开发平台。该平台提供应用程序开发、测试、部署和迭代等功能。
Siemens Mendix Runtime存在信息泄露漏洞,该漏洞源于受影响应用程序的身份验证机制在验证用户名时包含可观察到的响应差异漏洞。允许未经身份验证的远程攻击者可利用该漏洞区分有效和无效的用户名。
Severity
中
Patch Name
Siemens Mendix Runtime信息泄露漏洞的补丁
Patch Description
Siemens Mendix是德国西门子(Siemens)公司的一套低代码应用程序开发平台。该平台提供应用程序开发、测试、部署和迭代等功能。
Siemens Mendix Runtime存在信息泄露漏洞,该漏洞源于受影响应用程序的身份验证机制在验证用户名时包含可观察到的响应差异漏洞。允许未经身份验证的远程攻击者可利用该漏洞区分有效和无效的用户名。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下供应商提供的安全公告获得补丁信息: https://cert-portal.siemens.com/productcert/html/ssa-097435.html
Reference
https://cert-portal.siemens.com/productcert/html/ssa-097435.html
Impacted products
| Name | ['Siemens Mendix Runtime V10.12 < V10.12.2', 'Siemens Mendix Runtime V10.6 < V10.6.12', 'Siemens Mendix Runtime V10 < V10.14.0', 'Siemens Mendix Runtime V9 < V9.24.26', 'Siemens Mendix Runtime V8'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2023-49069"
}
},
"description": "Siemens Mendix\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u5957\u4f4e\u4ee3\u7801\u5e94\u7528\u7a0b\u5e8f\u5f00\u53d1\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u63d0\u4f9b\u5e94\u7528\u7a0b\u5e8f\u5f00\u53d1\u3001\u6d4b\u8bd5\u3001\u90e8\u7f72\u548c\u8fed\u4ee3\u7b49\u529f\u80fd\u3002 \n\nSiemens Mendix Runtime\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u7684\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u5728\u9a8c\u8bc1\u7528\u6237\u540d\u65f6\u5305\u542b\u53ef\u89c2\u5bdf\u5230\u7684\u54cd\u5e94\u5dee\u5f02\u6f0f\u6d1e\u3002\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u533a\u5206\u6709\u6548\u548c\u65e0\u6548\u7684\u7528\u6237\u540d\u3002",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-097435.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2024-38024",
"openTime": "2024-09-12",
"patchDescription": "Siemens Mendix\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u5957\u4f4e\u4ee3\u7801\u5e94\u7528\u7a0b\u5e8f\u5f00\u53d1\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u63d0\u4f9b\u5e94\u7528\u7a0b\u5e8f\u5f00\u53d1\u3001\u6d4b\u8bd5\u3001\u90e8\u7f72\u548c\u8fed\u4ee3\u7b49\u529f\u80fd\u3002 \r\n\r\nSiemens Mendix Runtime\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u53d7\u5f71\u54cd\u5e94\u7528\u7a0b\u5e8f\u7684\u8eab\u4efd\u9a8c\u8bc1\u673a\u5236\u5728\u9a8c\u8bc1\u7528\u6237\u540d\u65f6\u5305\u542b\u53ef\u89c2\u5bdf\u5230\u7684\u54cd\u5e94\u5dee\u5f02\u6f0f\u6d1e\u3002\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u533a\u5206\u6709\u6548\u548c\u65e0\u6548\u7684\u7528\u6237\u540d\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Siemens Mendix Runtime\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Siemens Mendix Runtime V10.12 \u003c V10.12.2",
"Siemens Mendix Runtime V10.6 \u003c V10.6.12",
"Siemens Mendix Runtime V10 \u003c V10.14.0",
"Siemens Mendix Runtime V9 \u003c V9.24.26",
"Siemens Mendix Runtime V8"
]
},
"referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-097435.html",
"serverity": "\u4e2d",
"submitTime": "2024-09-12",
"title": "Siemens Mendix Runtime\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}
FKIE_CVE-2023-49069
Vulnerability from fkie_nvd - Published: 2024-09-10 10:15 - Updated: 2026-04-15 00:35
Severity
Summary
A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.17.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.11 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.19 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions < V8.18.33 only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions < V9.24.31 only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Mendix Runtime V10 (All versions \u003c V10.17.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions \u003c V10.12.11 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions \u003c V10.6.19 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions \u003c V8.18.33 only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions \u003c V9.24.31 only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Mendix Runtime V10 (todas las versiones anteriores a la V10.14.0, solo si la aplicaci\u00f3n utiliza el mecanismo de autenticaci\u00f3n b\u00e1sico), Mendix Runtime V10.12 (todas las versiones anteriores a la V10.12.2, solo si la aplicaci\u00f3n utiliza el mecanismo de autenticaci\u00f3n b\u00e1sico), Mendix Runtime V10.6 (todas las versiones anteriores a la V10.6.12, solo si la aplicaci\u00f3n utiliza el mecanismo de autenticaci\u00f3n b\u00e1sico), Mendix Runtime V8 (todas las versiones solo si la aplicaci\u00f3n utiliza el mecanismo de autenticaci\u00f3n b\u00e1sico) y Mendix Runtime V9 (todas las versiones anteriores a la V9.24.26, solo si la aplicaci\u00f3n utiliza el mecanismo de autenticaci\u00f3n b\u00e1sico). El mecanismo de autenticaci\u00f3n de las aplicaciones afectadas contiene una vulnerabilidad de discrepancia de respuesta observable al validar nombres de usuario. Esto podr\u00eda permitir que atacantes remotos no autenticados distingan entre nombres de usuario v\u00e1lidos e inv\u00e1lidos."
}
],
"id": "CVE-2023-49069",
"lastModified": "2026-04-15T00:35:42.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "productcert@siemens.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "productcert@siemens.com",
"type": "Secondary"
}
]
},
"published": "2024-09-10T10:15:08.947",
"references": [
{
"source": "productcert@siemens.com",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-097435.html"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-204"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
}
]
}
GHSA-36GF-GHCV-F3QQ
Vulnerability from github – Published: 2024-09-10 12:30 – Updated: 2024-09-10 12:30
VLAI
Details
A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.14.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.2 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.12 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions < V9.24.26 only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames.
Severity
5.3 (Medium)
{
"affected": [],
"aliases": [
"CVE-2023-49069"
],
"database_specific": {
"cwe_ids": [
"CWE-204"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-09-10T10:15:08Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in Mendix Runtime V10 (All versions \u003c V10.14.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions \u003c V10.12.2 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions \u003c V10.6.12 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions \u003c V9.24.26 only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames.",
"id": "GHSA-36gf-ghcv-f3qq",
"modified": "2024-09-10T12:30:37Z",
"published": "2024-09-10T12:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49069"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-097435.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GSD-2023-49069
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-49069",
"id": "GSD-2023-49069"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-49069"
],
"id": "GSD-2023-49069",
"modified": "2023-12-13T01:20:34.931539Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2023-49069",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
}
}
ICSA-24-256-05
Vulnerability from csaf_cisa - Published: 2024-09-10 00:00 - Updated: 2025-08-12 00:00Summary
Siemens Mendix Runtime
Notes
Summary: Mendix Runtime contains an observable response discrepancy vulnerability when validating usernames during authentication. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames.
Siemens has released new versions for the affected products and recommends to update to the latest versions.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at:
https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer: This ICSA is a verbatim republication of Siemens ProductCERT SSA-097435 from a direct conversion of the vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.
Critical infrastructure sectors: Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities
Countries/areas deployed: Worldwide
Company headquarters location: Germany
Recommended Practices: CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.
Recommended Practices: Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices: When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices: CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices: Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mendix Runtime V8
Siemens / Mendix Runtime V8
|
vers:intdot/<8.18.33 |
Mitigation
Mitigation
Vendor Fix
fix
|
|
|
Mendix Runtime V9
Siemens / Mendix Runtime V9
|
vers:intdot/<9.24.31 |
Mitigation
Mitigation
Vendor Fix
fix
|
|
|
Mendix Runtime V10
Siemens / Mendix Runtime V10
|
vers:intdot/<10.17.0 |
Mitigation
Mitigation
Vendor Fix
fix
|
|
|
Mendix Runtime V10.6
Siemens / Mendix Runtime V10.6
|
vers:intdot/<10.6.19 |
Mitigation
Mitigation
Vendor Fix
fix
|
|
|
Mendix Runtime V10.12
Siemens / Mendix Runtime V10.12
|
vers:intdot/<10.12.11 |
Mitigation
Mitigation
Vendor Fix
fix
|
References
10 references
Acknowledgments
Siemens ProductCERT
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting this vulnerability to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Mendix Runtime contains an observable response discrepancy vulnerability when validating usernames during authentication. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames.\n\nSiemens has released new versions for the affected products and recommends to update to the latest versions.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This ICSA is a verbatim republication of Siemens ProductCERT SSA-097435 from a direct conversion of the vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Siemens ProductCERT directly for any questions regarding this advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-097435: Usernames Disclosure Vulnerability in Mendix Runtime - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-097435.json"
},
{
"category": "self",
"summary": "SSA-097435: Usernames Disclosure Vulnerability in Mendix Runtime - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-097435.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-24-256-05 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-256-05.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-24-256-05 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-05"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens Mendix Runtime",
"tracking": {
"current_release_date": "2025-08-12T00:00:00.000000Z",
"generator": {
"date": "2025-08-14T23:08:52.845653Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-24-256-05",
"initial_release_date": "2024-09-10T00:00:00.000000Z",
"revision_history": [
{
"date": "2024-09-10T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2024-09-12T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added fix for Mendix Runtime V8; updated Acknowledgements"
},
{
"date": "2024-10-08T00:00:00.000000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Fixed a bug in the csaf output"
},
{
"date": "2024-10-10T00:00:00.000000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Corrected fix version information for all Mendix Runtime version lines (fix releases not yet available, except for V8)"
},
{
"date": "2024-11-12T00:00:00.000000Z",
"legacy_version": "1.4",
"number": "5",
"summary": "Added fix releases for remaining Mendix Runtime version lines"
},
{
"date": "2024-11-26T00:00:00.000000Z",
"legacy_version": "1.5",
"number": "6",
"summary": "Added information about additional required actions after having installed a fix release"
},
{
"date": "2024-12-10T00:00:00.000000Z",
"legacy_version": "1.6",
"number": "7",
"summary": "Added complete fix for Mendix Runtime V10 and the note that other versions still require additional actions after updating to the latest available version"
},
{
"date": "2024-12-12T00:00:00.000000Z",
"legacy_version": "1.7",
"number": "8",
"summary": "Added complete fix for Mendix Runtime V9 and V8"
},
{
"date": "2025-01-14T00:00:00.000000Z",
"legacy_version": "1.8",
"number": "9",
"summary": "Added complete fix for Mendix Runtime V10.12 and V10.6; removed hint about additional required actions in former (incomplete) fix versions"
},
{
"date": "2025-08-12T00:00:00.000000Z",
"legacy_version": "1.9",
"number": "10",
"summary": "Added mitigation for published REST and web services and oData APIs"
}
],
"status": "final",
"version": "10"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c8.18.33",
"product": {
"name": "Mendix Runtime V8",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c9.24.31",
"product": {
"name": "Mendix Runtime V9",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V9"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c10.17.0",
"product": {
"name": "Mendix Runtime V10",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V10"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c10.6.19",
"product": {
"name": "Mendix Runtime V10.6",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V10.6"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c10.12.11",
"product": {
"name": "Mendix Runtime V10.12",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V10.12"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-49069",
"cwe": {
"id": "CWE-204",
"name": "Observable Response Discrepancy"
},
"notes": [
{
"category": "summary",
"text": "The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
"remediations": [
{
"category": "mitigation",
"details": "For app user login: Do not use basic authentication, but setup an alternative authentication module (e.g. OIDC SSO, Mendix SSO, or SAML \u003e= V4.0.0), or your own Identity Provider (IDP).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "mitigation",
"details": "For published REST and web services and oData APIs: Do not use basic authentication, but use Custom or Active Session authentication methods.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
},
{
"category": "vendor_fix",
"details": "Update to V10.12.11 or later version",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://docs.mendix.com/releasenotes/studio-pro/10/"
},
{
"category": "vendor_fix",
"details": "Update to V10.17.0 or later version",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://docs.mendix.com/releasenotes/studio-pro/10/"
},
{
"category": "vendor_fix",
"details": "Update to V10.6.19 or later version",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://docs.mendix.com/releasenotes/studio-pro/10/"
},
{
"category": "vendor_fix",
"details": "Update to V8.18.33 or later version",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://docs.mendix.com/releasenotes/studio-pro/8/"
},
{
"category": "vendor_fix",
"details": "Update to V9.24.31 or later version",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://docs.mendix.com/releasenotes/studio-pro/9/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005"
]
}
],
"title": "CVE-2023-49069"
}
]
}
NCSC-2024-0362
Vulnerability from csaf_ncscnl - Published: 2024-09-10 18:20 - Updated: 2024-09-10 18:20Summary
Kwetsbaarheden verholpen in Siemens producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Siemens heeft kwetsbaarheden verholpen in diverse producten als Mendix, SICAM, SIMATIC, SINEMA, SINUMERIK en Tecnomatix.
Interpretaties: De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipulatie van gegevens
- Omzeilen van een beveiligingsmaatregel
- Omzeilen van authenticatie
- (Remote) code execution (Administrator/Root rechten)
- (Remote) code execution (Gebruikersrechten)
- Toegang tot systeemgegevens
- Verhoogde gebruikersrechten
De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.
Oplossingen: Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-115: Misinterpretation of Input
CWE-912: Hidden Functionality
CWE-364: Signal Handler Race Condition
CWE-772: Missing Release of Resource after Effective Lifetime
CWE-732: Incorrect Permission Assignment for Critical Resource
CWE-297: Improper Validation of Certificate with Host Mismatch
CWE-754: Improper Check for Unusual or Exceptional Conditions
CWE-703: Improper Check or Handling of Exceptional Conditions
CWE-319: Cleartext Transmission of Sensitive Information
CWE-613: Insufficient Session Expiration
CWE-190: Integer Overflow or Wraparound
CWE-532: Insertion of Sensitive Information into Log File
CWE-204: Observable Response Discrepancy
CWE-639: Authorization Bypass Through User-Controlled Key
CWE-250: Execution with Unnecessary Privileges
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-404: Improper Resource Shutdown or Release
CWE-284: Improper Access Control
CWE-416: Use After Free
CWE-401: Missing Release of Memory after Effective Lifetime
CWE-476: NULL Pointer Dereference
CWE-295: Improper Certificate Validation
CWE-384: Session Fixation
CWE-122: Heap-based Buffer Overflow
CWE-121: Stack-based Buffer Overflow
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-20: Improper Input Validation
CWE-476
- NULL Pointer Dereference
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
simatic_wincc
siemens
|
cpe:2.3:a:siemens:simatic_wincc:runtime_advanced:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1242-7_v2__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_cp_1242-7_v2__incl._siplus_variants_:0:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-1__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-1__incl._siplus_variants_:0:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-1_dnp3__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-1_dnp3__incl._siplus_variants_:0:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-1_iec__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-1_iec__incl._siplus_variants_:0:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-7_lte
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-7_lte:0:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-8_irc
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-8_irc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_hmi_comfort_panels__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_hmi_comfort_panels__incl._siplus_variants_:all_versions:*:*:*:*:*:*:*
|
— | |
|
simatic_ipc_diagbase
siemens
|
cpe:2.3:a:siemens:simatic_ipc_diagbase:0:*:*:*:*:*:*:*
|
— | |
|
simatic_ipc_diagmonitor
siemens
|
cpe:2.3:a:siemens:simatic_ipc_diagmonitor:all_versions:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_runtime_advanced
siemens
|
cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:all_versions:*:*:*:*:*:*:*
|
— | |
|
siplus_tim_1531_irc
siemens
|
cpe:2.3:a:siemens:siplus_tim_1531_irc:0:*:*:*:*:*:*:*
|
— | |
|
tim_1531_irc
siemens
|
cpe:2.3:a:siemens:tim_1531_irc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1242-7_v2__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_cp_1242-7_v2__incl._siplus_variants_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-1__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-1__incl._siplus_variants_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-1_dnp3__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-1_dnp3__incl._siplus_variants_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-1_iec__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-1_iec__incl._siplus_variants_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-7_lte
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-7_lte:*:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-8_irc__6gk7243-8rx30-0xe0_
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-8_irc__6gk7243-8rx30-0xe0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_hmi_comfort_panels__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_hmi_comfort_panels__incl._siplus_variants_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_ipc_diagbase
siemens
|
cpe:2.3:a:siemens:simatic_ipc_diagbase:*:*:*:*:*:*:*:*
|
— | |
|
simatic_ipc_diagmonitor
siemens
|
cpe:2.3:a:siemens:simatic_ipc_diagmonitor:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_runtime_advanced
siemens
|
cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:*:*:*:*:*:*:*:*
|
— | |
|
siplus_tim_1531_irc__6ag1543-1mx00-7xe0_
siemens
|
cpe:2.3:a:siemens:siplus_tim_1531_irc__6ag1543-1mx00-7xe0_:*:*:*:*:*:*:*:*
|
— | |
|
tim_1531_irc__6gk7543-1mx00-0xe0_
siemens
|
cpe:2.3:a:siemens:tim_1531_irc__6gk7543-1mx00-0xe0_:*:*:*:*:*:*:*:*
|
— |
CWE-476
- NULL Pointer Dereference
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
simatic_wincc
siemens
|
cpe:2.3:a:siemens:simatic_wincc:runtime_advanced:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1242-7_v2__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_cp_1242-7_v2__incl._siplus_variants_:0:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-1__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-1__incl._siplus_variants_:0:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-1_dnp3__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-1_dnp3__incl._siplus_variants_:0:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-1_iec__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-1_iec__incl._siplus_variants_:0:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-7_lte
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-7_lte:0:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-8_irc
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-8_irc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_hmi_comfort_panels__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_hmi_comfort_panels__incl._siplus_variants_:all_versions:*:*:*:*:*:*:*
|
— | |
|
simatic_ipc_diagbase
siemens
|
cpe:2.3:a:siemens:simatic_ipc_diagbase:0:*:*:*:*:*:*:*
|
— | |
|
simatic_ipc_diagmonitor
siemens
|
cpe:2.3:a:siemens:simatic_ipc_diagmonitor:all_versions:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_runtime_advanced
siemens
|
cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:all_versions:*:*:*:*:*:*:*
|
— | |
|
siplus_tim_1531_irc
siemens
|
cpe:2.3:a:siemens:siplus_tim_1531_irc:0:*:*:*:*:*:*:*
|
— | |
|
tim_1531_irc
siemens
|
cpe:2.3:a:siemens:tim_1531_irc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1242-7_v2__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_cp_1242-7_v2__incl._siplus_variants_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-1__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-1__incl._siplus_variants_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-1_dnp3__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-1_dnp3__incl._siplus_variants_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-1_iec__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-1_iec__incl._siplus_variants_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-7_lte
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-7_lte:*:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-8_irc__6gk7243-8rx30-0xe0_
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-8_irc__6gk7243-8rx30-0xe0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_hmi_comfort_panels__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_hmi_comfort_panels__incl._siplus_variants_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_ipc_diagbase
siemens
|
cpe:2.3:a:siemens:simatic_ipc_diagbase:*:*:*:*:*:*:*:*
|
— | |
|
simatic_ipc_diagmonitor
siemens
|
cpe:2.3:a:siemens:simatic_ipc_diagmonitor:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_runtime_advanced
siemens
|
cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:*:*:*:*:*:*:*:*
|
— | |
|
siplus_tim_1531_irc__6ag1543-1mx00-7xe0_
siemens
|
cpe:2.3:a:siemens:siplus_tim_1531_irc__6ag1543-1mx00-7xe0_:*:*:*:*:*:*:*:*
|
— | |
|
tim_1531_irc__6gk7543-1mx00-0xe0_
siemens
|
cpe:2.3:a:siemens:tim_1531_irc__6gk7543-1mx00-0xe0_:*:*:*:*:*:*:*:*
|
— |
CWE-476
- NULL Pointer Dereference
Affected products
Known affected
25 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
simatic_wincc
siemens
|
cpe:2.3:a:siemens:simatic_wincc:runtime_advanced:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1242-7_v2__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_cp_1242-7_v2__incl._siplus_variants_:0:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-1__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-1__incl._siplus_variants_:0:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-1_dnp3__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-1_dnp3__incl._siplus_variants_:0:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-1_iec__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-1_iec__incl._siplus_variants_:0:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-7_lte
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-7_lte:0:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-8_irc
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-8_irc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_hmi_comfort_panels__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_hmi_comfort_panels__incl._siplus_variants_:all_versions:*:*:*:*:*:*:*
|
— | |
|
simatic_ipc_diagbase
siemens
|
cpe:2.3:a:siemens:simatic_ipc_diagbase:0:*:*:*:*:*:*:*
|
— | |
|
simatic_ipc_diagmonitor
siemens
|
cpe:2.3:a:siemens:simatic_ipc_diagmonitor:all_versions:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_runtime_advanced
siemens
|
cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:all_versions:*:*:*:*:*:*:*
|
— | |
|
siplus_tim_1531_irc
siemens
|
cpe:2.3:a:siemens:siplus_tim_1531_irc:0:*:*:*:*:*:*:*
|
— | |
|
tim_1531_irc
siemens
|
cpe:2.3:a:siemens:tim_1531_irc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1242-7_v2__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_cp_1242-7_v2__incl._siplus_variants_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-1__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-1__incl._siplus_variants_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-1_dnp3__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-1_dnp3__incl._siplus_variants_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-1_iec__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-1_iec__incl._siplus_variants_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-7_lte
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-7_lte:*:*:*:*:*:*:*:*
|
— | |
|
simatic_cp_1243-8_irc__6gk7243-8rx30-0xe0_
siemens
|
cpe:2.3:a:siemens:simatic_cp_1243-8_irc__6gk7243-8rx30-0xe0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_hmi_comfort_panels__incl._siplus_variants_
siemens
|
cpe:2.3:a:siemens:simatic_hmi_comfort_panels__incl._siplus_variants_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_ipc_diagbase
siemens
|
cpe:2.3:a:siemens:simatic_ipc_diagbase:*:*:*:*:*:*:*:*
|
— | |
|
simatic_ipc_diagmonitor
siemens
|
cpe:2.3:a:siemens:simatic_ipc_diagmonitor:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_runtime_advanced
siemens
|
cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:*:*:*:*:*:*:*:*
|
— | |
|
siplus_tim_1531_irc__6ag1543-1mx00-7xe0_
siemens
|
cpe:2.3:a:siemens:siplus_tim_1531_irc__6ag1543-1mx00-7xe0_:*:*:*:*:*:*:*:*
|
— | |
|
tim_1531_irc__6gk7543-1mx00-0xe0_
siemens
|
cpe:2.3:a:siemens:tim_1531_irc__6gk7543-1mx00-0xe0_:*:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
sinema_remote_connect_client
siemens
|
cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*
|
— |
5.3 (Medium)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
mendix_runtime_v10
siemens
|
cpe:2.3:a:siemens:mendix_runtime_v10:0:*:*:*:*:*:*:*
|
— | |
|
mendix_runtime_v10.12
siemens
|
cpe:2.3:a:siemens:mendix_runtime_v10.12:0:*:*:*:*:*:*:*
|
— | |
|
mendix_runtime_v10.6
siemens
|
cpe:2.3:a:siemens:mendix_runtime_v10.6:0:*:*:*:*:*:*:*
|
— | |
|
mendix_runtime_v8
siemens
|
cpe:2.3:a:siemens:mendix_runtime_v8:0:*:*:*:*:*:*:*
|
— | |
|
mendix_runtime_v9
siemens
|
cpe:2.3:a:siemens:mendix_runtime_v9:0:*:*:*:*:*:*:*
|
— | |
|
mendix_runtime_v10
siemens
|
cpe:2.3:a:siemens:mendix_runtime_v10:*:*:*:*:*:*:*:*
|
— | |
|
mendix_runtime_v10.12
siemens
|
cpe:2.3:a:siemens:mendix_runtime_v10.12:*:*:*:*:*:*:*:*
|
— | |
|
mendix_runtime_v10.6
siemens
|
cpe:2.3:a:siemens:mendix_runtime_v10.6:*:*:*:*:*:*:*:*
|
— | |
|
mendix_runtime_v8
siemens
|
cpe:2.3:a:siemens:mendix_runtime_v8:*:*:*:*:*:*:*:*
|
— | |
|
mendix_runtime_v9
siemens
|
cpe:2.3:a:siemens:mendix_runtime_v9:*:*:*:*:*:*:*:*
|
— |
5.3 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_
siemens
|
cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_
siemens
|
cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_
siemens
|
cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_
siemens
|
cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_:*:*:*:*:*:*:*:*
|
— | |
|
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_
siemens
|
cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_:*:*:*:*:*:*:*:*
|
— | |
|
sinema_remote_connect_client
siemens
|
cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*
|
— |
CWE-295
- Improper Certificate Validation
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_
siemens
|
cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_
siemens
|
cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_
siemens
|
cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_
siemens
|
cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_:*:*:*:*:*:*:*:*
|
— | |
|
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_
siemens
|
cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_:*:*:*:*:*:*:*:*
|
— | |
|
sinema_remote_connect_client
siemens
|
cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*
|
— |
8.6 (High)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_
siemens
|
cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_
siemens
|
cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_
siemens
|
cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_
siemens
|
cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_:*:*:*:*:*:*:*:*
|
— | |
|
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_
siemens
|
cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_:*:*:*:*:*:*:*:*
|
— | |
|
sinema_remote_connect_client
siemens
|
cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*
|
— |
CWE-295
- Improper Certificate Validation
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_
siemens
|
cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_
siemens
|
cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_
siemens
|
cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_
siemens
|
cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_:*:*:*:*:*:*:*:*
|
— | |
|
siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_
siemens
|
cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_:*:*:*:*:*:*:*:*
|
— | |
|
sinema_remote_connect_client
siemens
|
cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*
|
— |
CWE-362
- Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
industrial_edge_management_os__iem-os_
siemens
|
cpe:2.3:a:siemens:industrial_edge_management_os__iem-os_:*:*:*:*:*:*:*:*
|
— | |
|
sinema_remote_connect_server
siemens
|
cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*
|
— | |
|
sinumerik_one
siemens
|
cpe:2.3:a:siemens:sinumerik_one:*:*:*:*:*:*:*:*
|
— |
CWE-613
- Insufficient Session Expiration
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
sinema_remote_connect_client
siemens
|
cpe:2.3:a:siemens:sinema_remote_connect_client:0:*:*:*:*:*:*:*
|
— | |
|
sinema_remote_connect_client
siemens
|
cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*
|
— |
9.8 (Critical)
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
tia_portal
siemens
|
cpe:2.3:a:siemens:tia_portal:v16:*:*:*:*:*:*:*
|
— | |
|
tia_portal_umc__v2.13.1
siemens
|
cpe:2.3:a:siemens:tia_portal_umc__v2.13.1:*:*:*:*:*:*:*:*
|
— | |
|
tia_portal__v17_update_8
siemens
|
cpe:2.3:a:siemens:tia_portal__v17_update_8:*:*:*:*:*:*:*:*
|
— | |
|
simatic_information_server_2022
siemens
|
cpe:2.3:a:siemens:simatic_information_server_2022:0:*:*:*:*:*:*:*
|
— | |
|
simatic_information_server_2024
siemens
|
cpe:2.3:a:siemens:simatic_information_server_2024:0:*:*:*:*:*:*:*
|
— | |
|
simatic_pcs_neo_v4.0
siemens
|
cpe:2.3:a:siemens:simatic_pcs_neo_v4.0:0:*:*:*:*:*:*:*
|
— | |
|
simatic_pcs_neo_v4.1
siemens
|
cpe:2.3:a:siemens:simatic_pcs_neo_v4.1:0:*:*:*:*:*:*:*
|
— | |
|
simatic_pcs_neo_v5.0
siemens
|
cpe:2.3:a:siemens:simatic_pcs_neo_v5.0:0:*:*:*:*:*:*:*
|
— | |
|
sinec_nms
siemens
|
cpe:2.3:a:siemens:sinec_nms:0:*:*:*:*:*:*:*
|
— | |
|
totally_integrated_automation_portal__tia_portal__v16
siemens
|
cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v16:0:*:*:*:*:*:*:*
|
— | |
|
totally_integrated_automation_portal__tia_portal__v17
siemens
|
cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v17:0:*:*:*:*:*:*:*
|
— | |
|
totally_integrated_automation_portal__tia_portal__v18
siemens
|
cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v18:0:*:*:*:*:*:*:*
|
— | |
|
totally_integrated_automation_portal__tia_portal__v19
siemens
|
cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v19:0:*:*:*:*:*:*:*
|
— | |
|
simatic_information_server_2022
siemens
|
cpe:2.3:a:siemens:simatic_information_server_2022:*:*:*:*:*:*:*:*
|
— | |
|
simatic_information_server_2024
siemens
|
cpe:2.3:a:siemens:simatic_information_server_2024:*:*:*:*:*:*:*:*
|
— | |
|
simatic_pcs_neo_v4.0
siemens
|
cpe:2.3:a:siemens:simatic_pcs_neo_v4.0:*:*:*:*:*:*:*:*
|
— | |
|
simatic_pcs_neo_v4.1
siemens
|
cpe:2.3:a:siemens:simatic_pcs_neo_v4.1:*:*:*:*:*:*:*:*
|
— | |
|
simatic_pcs_neo_v5.0
siemens
|
cpe:2.3:a:siemens:simatic_pcs_neo_v5.0:*:*:*:*:*:*:*:*
|
— | |
|
sinec_nms
siemens
|
cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*
|
— | |
|
totally_integrated_automation_portal__tia_portal__v16
siemens
|
cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v16:*:*:*:*:*:*:*:*
|
— | |
|
totally_integrated_automation_portal__tia_portal__v17
siemens
|
cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v17:*:*:*:*:*:*:*:*
|
— | |
|
totally_integrated_automation_portal__tia_portal__v18
siemens
|
cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v18:*:*:*:*:*:*:*:*
|
— | |
|
totally_integrated_automation_portal__tia_portal__v19
siemens
|
cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v19:*:*:*:*:*:*:*:*
|
— |
8.2 (High)
Affected products
Known affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
sicam
siemens
|
cpe:2.3:h:siemens:sicam:egs_device:*:*:*:*:*:*:*
|
— | |
|
sicam
siemens
|
cpe:2.3:h:siemens:sicam:8_software_solution:*:*:*:*:*:*:*
|
— | |
|
sicam
siemens
|
cpe:2.3:h:siemens:sicam:a8000_device:*:*:*:*:*:*:*
|
— | |
|
sicam_scc__10.0
siemens
|
cpe:2.3:a:siemens:sicam_scc__10.0:*:*:*:*:*:*:*:*
|
— | |
|
eti5_ethernet_int._1x100tx_iec61850
siemens
|
cpe:2.3:a:siemens:eti5_ethernet_int._1x100tx_iec61850:*:*:*:*:*:*:*:*
|
— | |
|
sicam_scc
siemens
|
cpe:2.3:a:siemens:sicam_scc:*:*:*:*:*:*:*:*
|
— | |
|
sitipe_at
siemens
|
cpe:2.3:a:siemens:sitipe_at:*:*:*:*:*:*:*:*
|
— |
9.1 (Critical)
Affected products
Known affected
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
simatic_batch_v9.1
siemens
|
cpe:2.3:a:siemens:simatic_batch_v9.1:0:*:*:*:*:*:*:*
|
— | |
|
simatic_information_server_2020
siemens
|
cpe:2.3:a:siemens:simatic_information_server_2020:0:*:*:*:*:*:*:*
|
— | |
|
simatic_information_server_2022
siemens
|
cpe:2.3:a:siemens:simatic_information_server_2022:0:*:*:*:*:*:*:*
|
— | |
|
simatic_pcs_7_v9.1
siemens
|
cpe:2.3:a:siemens:simatic_pcs_7_v9.1:0:*:*:*:*:*:*:*
|
— | |
|
simatic_process_historian_2020
siemens
|
cpe:2.3:a:siemens:simatic_process_historian_2020:0:*:*:*:*:*:*:*
|
— | |
|
simatic_process_historian_2022
siemens
|
cpe:2.3:a:siemens:simatic_process_historian_2022:0:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_runtime_professional_v18
siemens
|
cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v18:0:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_runtime_professional_v19
siemens
|
cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v19:0:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_v7.4
siemens
|
cpe:2.3:a:siemens:simatic_wincc_v7.4:0:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_v7.5
siemens
|
cpe:2.3:a:siemens:simatic_wincc_v7.5:0:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_v8.0
siemens
|
cpe:2.3:a:siemens:simatic_wincc_v8.0:0:*:*:*:*:*:*:*
|
— | |
|
simatic_batch_v9.1
siemens
|
cpe:2.3:a:siemens:simatic_batch_v9.1:*:*:*:*:*:*:*:*
|
— | |
|
simatic_information_server_2020
siemens
|
cpe:2.3:a:siemens:simatic_information_server_2020:*:*:*:*:*:*:*:*
|
— | |
|
simatic_information_server_2022
siemens
|
cpe:2.3:a:siemens:simatic_information_server_2022:*:*:*:*:*:*:*:*
|
— | |
|
simatic_pcs_7_v9.1
siemens
|
cpe:2.3:a:siemens:simatic_pcs_7_v9.1:*:*:*:*:*:*:*:*
|
— | |
|
simatic_process_historian_2020
siemens
|
cpe:2.3:a:siemens:simatic_process_historian_2020:*:*:*:*:*:*:*:*
|
— | |
|
simatic_process_historian_2022
siemens
|
cpe:2.3:a:siemens:simatic_process_historian_2022:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_runtime_professional_v18
siemens
|
cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v18:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_runtime_professional_v19
siemens
|
cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v19:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_v7.4
siemens
|
cpe:2.3:a:siemens:simatic_wincc_v7.4:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_v7.5
siemens
|
cpe:2.3:a:siemens:simatic_wincc_v7.5:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_v8.0
siemens
|
cpe:2.3:a:siemens:simatic_wincc_v8.0:*:*:*:*:*:*:*:*
|
— |
6.5 (Medium)
Affected products
Known affected
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
simatic_reader_rf610r_cmiit
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_cmiit:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf610r_etsi
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_etsi:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf610r_fcc
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_fcc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_cmiit
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_cmiit:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_etsi
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_etsi:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_fcc
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_fcc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_arib
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_arib:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_cmiit
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_cmiit:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_etsi
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_etsi:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_fcc
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_fcc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_arib
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_arib:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_cmiit
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_cmiit:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_etsi
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_etsi:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_fcc
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_fcc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_arib
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_arib:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_cmiit
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_cmiit:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_etsi
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_etsi:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_fcc
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_fcc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf1140r
siemens
|
cpe:2.3:a:siemens:simatic_rf1140r:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf1170r
siemens
|
cpe:2.3:a:siemens:simatic_rf1170r:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf166c
siemens
|
cpe:2.3:a:siemens:simatic_rf166c:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf185c
siemens
|
cpe:2.3:a:siemens:simatic_rf185c:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf186c
siemens
|
cpe:2.3:a:siemens:simatic_rf186c:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf186ci
siemens
|
cpe:2.3:a:siemens:simatic_rf186ci:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf188c
siemens
|
cpe:2.3:a:siemens:simatic_rf188c:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf188ci
siemens
|
cpe:2.3:a:siemens:simatic_rf188ci:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf360r
siemens
|
cpe:2.3:a:siemens:simatic_rf360r:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf610r_cmiit__6gt2811-6bc10-2aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_cmiit__6gt2811-6bc10-2aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf610r_etsi__6gt2811-6bc10-0aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_etsi__6gt2811-6bc10-0aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf610r_fcc__6gt2811-6bc10-1aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_fcc__6gt2811-6bc10-1aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_cmiit__6gt2811-6cc10-2aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_cmiit__6gt2811-6cc10-2aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_etsi__6gt2811-6cc10-0aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_etsi__6gt2811-6cc10-0aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_fcc__6gt2811-6cc10-1aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_fcc__6gt2811-6cc10-1aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_arib__6gt2811-6ab20-4aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_arib__6gt2811-6ab20-4aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_cmiit__6gt2811-6ab20-2aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_cmiit__6gt2811-6ab20-2aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_etsi__6gt2811-6ab20-0aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_etsi__6gt2811-6ab20-0aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_fcc__6gt2811-6ab20-1aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_fcc__6gt2811-6ab20-1aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_arib__6gt2811-6aa10-4aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_arib__6gt2811-6aa10-4aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_cmiit__6gt2811-6aa10-2aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_cmiit__6gt2811-6aa10-2aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_etsi__6gt2811-6aa10-0aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_etsi__6gt2811-6aa10-0aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_fcc__6gt2811-6aa10-1aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_fcc__6gt2811-6aa10-1aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_arib__6gt2811-6ca10-4aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_arib__6gt2811-6ca10-4aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_cmiit__6gt2811-6ca10-2aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_cmiit__6gt2811-6ca10-2aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_etsi__6gt2811-6ca10-0aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_etsi__6gt2811-6ca10-0aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_fcc__6gt2811-6ca10-1aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_fcc__6gt2811-6ca10-1aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf1140r__6gt2831-6cb00_
siemens
|
cpe:2.3:a:siemens:simatic_rf1140r__6gt2831-6cb00_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf1170r__6gt2831-6bb00_
siemens
|
cpe:2.3:a:siemens:simatic_rf1170r__6gt2831-6bb00_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf166c__6gt2002-0ee20_
siemens
|
cpe:2.3:a:siemens:simatic_rf166c__6gt2002-0ee20_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf185c__6gt2002-0je10_
siemens
|
cpe:2.3:a:siemens:simatic_rf185c__6gt2002-0je10_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf186c__6gt2002-0je20_
siemens
|
cpe:2.3:a:siemens:simatic_rf186c__6gt2002-0je20_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf186ci__6gt2002-0je50_
siemens
|
cpe:2.3:a:siemens:simatic_rf186ci__6gt2002-0je50_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf188c__6gt2002-0je40_
siemens
|
cpe:2.3:a:siemens:simatic_rf188c__6gt2002-0je40_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf188ci__6gt2002-0je60_
siemens
|
cpe:2.3:a:siemens:simatic_rf188ci__6gt2002-0je60_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf360r__6gt2801-5ba30_
siemens
|
cpe:2.3:a:siemens:simatic_rf360r__6gt2801-5ba30_:*:*:*:*:*:*:*:*
|
— |
4.9 (Medium)
Affected products
Known affected
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
simatic_reader_rf610r_cmiit
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_cmiit:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf610r_etsi
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_etsi:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf610r_fcc
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_fcc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_cmiit
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_cmiit:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_etsi
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_etsi:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_fcc
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_fcc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_arib
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_arib:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_cmiit
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_cmiit:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_etsi
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_etsi:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_fcc
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_fcc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_arib
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_arib:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_cmiit
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_cmiit:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_etsi
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_etsi:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_fcc
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_fcc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_arib
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_arib:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_cmiit
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_cmiit:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_etsi
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_etsi:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_fcc
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_fcc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf1140r
siemens
|
cpe:2.3:a:siemens:simatic_rf1140r:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf1170r
siemens
|
cpe:2.3:a:siemens:simatic_rf1170r:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf166c
siemens
|
cpe:2.3:a:siemens:simatic_rf166c:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf185c
siemens
|
cpe:2.3:a:siemens:simatic_rf185c:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf186c
siemens
|
cpe:2.3:a:siemens:simatic_rf186c:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf186ci
siemens
|
cpe:2.3:a:siemens:simatic_rf186ci:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf188c
siemens
|
cpe:2.3:a:siemens:simatic_rf188c:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf188ci
siemens
|
cpe:2.3:a:siemens:simatic_rf188ci:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf360r
siemens
|
cpe:2.3:a:siemens:simatic_rf360r:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf610r_cmiit__6gt2811-6bc10-2aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_cmiit__6gt2811-6bc10-2aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf610r_etsi__6gt2811-6bc10-0aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_etsi__6gt2811-6bc10-0aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf610r_fcc__6gt2811-6bc10-1aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_fcc__6gt2811-6bc10-1aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_cmiit__6gt2811-6cc10-2aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_cmiit__6gt2811-6cc10-2aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_etsi__6gt2811-6cc10-0aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_etsi__6gt2811-6cc10-0aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_fcc__6gt2811-6cc10-1aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_fcc__6gt2811-6cc10-1aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_arib__6gt2811-6ab20-4aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_arib__6gt2811-6ab20-4aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_cmiit__6gt2811-6ab20-2aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_cmiit__6gt2811-6ab20-2aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_etsi__6gt2811-6ab20-0aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_etsi__6gt2811-6ab20-0aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_fcc__6gt2811-6ab20-1aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_fcc__6gt2811-6ab20-1aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_arib__6gt2811-6aa10-4aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_arib__6gt2811-6aa10-4aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_cmiit__6gt2811-6aa10-2aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_cmiit__6gt2811-6aa10-2aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_etsi__6gt2811-6aa10-0aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_etsi__6gt2811-6aa10-0aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_fcc__6gt2811-6aa10-1aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_fcc__6gt2811-6aa10-1aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_arib__6gt2811-6ca10-4aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_arib__6gt2811-6ca10-4aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_cmiit__6gt2811-6ca10-2aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_cmiit__6gt2811-6ca10-2aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_etsi__6gt2811-6ca10-0aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_etsi__6gt2811-6ca10-0aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_fcc__6gt2811-6ca10-1aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_fcc__6gt2811-6ca10-1aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf1140r__6gt2831-6cb00_
siemens
|
cpe:2.3:a:siemens:simatic_rf1140r__6gt2831-6cb00_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf1170r__6gt2831-6bb00_
siemens
|
cpe:2.3:a:siemens:simatic_rf1170r__6gt2831-6bb00_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf166c__6gt2002-0ee20_
siemens
|
cpe:2.3:a:siemens:simatic_rf166c__6gt2002-0ee20_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf185c__6gt2002-0je10_
siemens
|
cpe:2.3:a:siemens:simatic_rf185c__6gt2002-0je10_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf186c__6gt2002-0je20_
siemens
|
cpe:2.3:a:siemens:simatic_rf186c__6gt2002-0je20_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf186ci__6gt2002-0je50_
siemens
|
cpe:2.3:a:siemens:simatic_rf186ci__6gt2002-0je50_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf188c__6gt2002-0je40_
siemens
|
cpe:2.3:a:siemens:simatic_rf188c__6gt2002-0je40_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf188ci__6gt2002-0je60_
siemens
|
cpe:2.3:a:siemens:simatic_rf188ci__6gt2002-0je60_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf360r__6gt2801-5ba30_
siemens
|
cpe:2.3:a:siemens:simatic_rf360r__6gt2801-5ba30_:*:*:*:*:*:*:*:*
|
— |
5.3 (Medium)
Affected products
Known affected
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
simatic_reader_rf610r_cmiit
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_cmiit:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf610r_etsi
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_etsi:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf610r_fcc
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_fcc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_cmiit
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_cmiit:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_etsi
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_etsi:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_fcc
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_fcc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_arib
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_arib:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_cmiit
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_cmiit:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_etsi
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_etsi:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_fcc
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_fcc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_arib
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_arib:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_cmiit
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_cmiit:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_etsi
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_etsi:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_fcc
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_fcc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_arib
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_arib:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_cmiit
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_cmiit:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_etsi
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_etsi:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_fcc
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_fcc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf1140r
siemens
|
cpe:2.3:a:siemens:simatic_rf1140r:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf1170r
siemens
|
cpe:2.3:a:siemens:simatic_rf1170r:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf166c
siemens
|
cpe:2.3:a:siemens:simatic_rf166c:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf185c
siemens
|
cpe:2.3:a:siemens:simatic_rf185c:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf186c
siemens
|
cpe:2.3:a:siemens:simatic_rf186c:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf186ci
siemens
|
cpe:2.3:a:siemens:simatic_rf186ci:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf188c
siemens
|
cpe:2.3:a:siemens:simatic_rf188c:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf188ci
siemens
|
cpe:2.3:a:siemens:simatic_rf188ci:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf360r
siemens
|
cpe:2.3:a:siemens:simatic_rf360r:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf610r_cmiit__6gt2811-6bc10-2aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_cmiit__6gt2811-6bc10-2aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf610r_etsi__6gt2811-6bc10-0aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_etsi__6gt2811-6bc10-0aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf610r_fcc__6gt2811-6bc10-1aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_fcc__6gt2811-6bc10-1aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_cmiit__6gt2811-6cc10-2aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_cmiit__6gt2811-6cc10-2aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_etsi__6gt2811-6cc10-0aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_etsi__6gt2811-6cc10-0aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_fcc__6gt2811-6cc10-1aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_fcc__6gt2811-6cc10-1aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_arib__6gt2811-6ab20-4aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_arib__6gt2811-6ab20-4aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_cmiit__6gt2811-6ab20-2aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_cmiit__6gt2811-6ab20-2aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_etsi__6gt2811-6ab20-0aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_etsi__6gt2811-6ab20-0aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_fcc__6gt2811-6ab20-1aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_fcc__6gt2811-6ab20-1aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_arib__6gt2811-6aa10-4aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_arib__6gt2811-6aa10-4aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_cmiit__6gt2811-6aa10-2aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_cmiit__6gt2811-6aa10-2aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_etsi__6gt2811-6aa10-0aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_etsi__6gt2811-6aa10-0aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_fcc__6gt2811-6aa10-1aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_fcc__6gt2811-6aa10-1aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_arib__6gt2811-6ca10-4aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_arib__6gt2811-6ca10-4aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_cmiit__6gt2811-6ca10-2aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_cmiit__6gt2811-6ca10-2aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_etsi__6gt2811-6ca10-0aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_etsi__6gt2811-6ca10-0aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_fcc__6gt2811-6ca10-1aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_fcc__6gt2811-6ca10-1aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf1140r__6gt2831-6cb00_
siemens
|
cpe:2.3:a:siemens:simatic_rf1140r__6gt2831-6cb00_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf1170r__6gt2831-6bb00_
siemens
|
cpe:2.3:a:siemens:simatic_rf1170r__6gt2831-6bb00_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf166c__6gt2002-0ee20_
siemens
|
cpe:2.3:a:siemens:simatic_rf166c__6gt2002-0ee20_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf185c__6gt2002-0je10_
siemens
|
cpe:2.3:a:siemens:simatic_rf185c__6gt2002-0je10_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf186c__6gt2002-0je20_
siemens
|
cpe:2.3:a:siemens:simatic_rf186c__6gt2002-0je20_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf186ci__6gt2002-0je50_
siemens
|
cpe:2.3:a:siemens:simatic_rf186ci__6gt2002-0je50_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf188c__6gt2002-0je40_
siemens
|
cpe:2.3:a:siemens:simatic_rf188c__6gt2002-0je40_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf188ci__6gt2002-0je60_
siemens
|
cpe:2.3:a:siemens:simatic_rf188ci__6gt2002-0je60_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf360r__6gt2801-5ba30_
siemens
|
cpe:2.3:a:siemens:simatic_rf360r__6gt2801-5ba30_:*:*:*:*:*:*:*:*
|
— |
CWE-912
- Hidden Functionality
Affected products
Known affected
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
simatic_reader_rf610r_cmiit
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_cmiit:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf610r_etsi
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_etsi:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf610r_fcc
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_fcc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_cmiit
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_cmiit:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_etsi
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_etsi:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_fcc
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_fcc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_arib
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_arib:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_cmiit
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_cmiit:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_etsi
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_etsi:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_fcc
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_fcc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_arib
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_arib:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_cmiit
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_cmiit:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_etsi
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_etsi:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_fcc
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_fcc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_arib
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_arib:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_cmiit
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_cmiit:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_etsi
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_etsi:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_fcc
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_fcc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf1140r
siemens
|
cpe:2.3:a:siemens:simatic_rf1140r:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf1170r
siemens
|
cpe:2.3:a:siemens:simatic_rf1170r:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf166c
siemens
|
cpe:2.3:a:siemens:simatic_rf166c:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf185c
siemens
|
cpe:2.3:a:siemens:simatic_rf185c:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf186c
siemens
|
cpe:2.3:a:siemens:simatic_rf186c:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf186ci
siemens
|
cpe:2.3:a:siemens:simatic_rf186ci:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf188c
siemens
|
cpe:2.3:a:siemens:simatic_rf188c:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf188ci
siemens
|
cpe:2.3:a:siemens:simatic_rf188ci:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf360r
siemens
|
cpe:2.3:a:siemens:simatic_rf360r:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf610r_cmiit__6gt2811-6bc10-2aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_cmiit__6gt2811-6bc10-2aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf610r_etsi__6gt2811-6bc10-0aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_etsi__6gt2811-6bc10-0aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf610r_fcc__6gt2811-6bc10-1aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_fcc__6gt2811-6bc10-1aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_cmiit__6gt2811-6cc10-2aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_cmiit__6gt2811-6cc10-2aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_etsi__6gt2811-6cc10-0aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_etsi__6gt2811-6cc10-0aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_fcc__6gt2811-6cc10-1aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_fcc__6gt2811-6cc10-1aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_arib__6gt2811-6ab20-4aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_arib__6gt2811-6ab20-4aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_cmiit__6gt2811-6ab20-2aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_cmiit__6gt2811-6ab20-2aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_etsi__6gt2811-6ab20-0aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_etsi__6gt2811-6ab20-0aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_fcc__6gt2811-6ab20-1aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_fcc__6gt2811-6ab20-1aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_arib__6gt2811-6aa10-4aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_arib__6gt2811-6aa10-4aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_cmiit__6gt2811-6aa10-2aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_cmiit__6gt2811-6aa10-2aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_etsi__6gt2811-6aa10-0aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_etsi__6gt2811-6aa10-0aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_fcc__6gt2811-6aa10-1aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_fcc__6gt2811-6aa10-1aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_arib__6gt2811-6ca10-4aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_arib__6gt2811-6ca10-4aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_cmiit__6gt2811-6ca10-2aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_cmiit__6gt2811-6ca10-2aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_etsi__6gt2811-6ca10-0aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_etsi__6gt2811-6ca10-0aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_fcc__6gt2811-6ca10-1aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_fcc__6gt2811-6ca10-1aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf1140r__6gt2831-6cb00_
siemens
|
cpe:2.3:a:siemens:simatic_rf1140r__6gt2831-6cb00_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf1170r__6gt2831-6bb00_
siemens
|
cpe:2.3:a:siemens:simatic_rf1170r__6gt2831-6bb00_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf166c__6gt2002-0ee20_
siemens
|
cpe:2.3:a:siemens:simatic_rf166c__6gt2002-0ee20_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf185c__6gt2002-0je10_
siemens
|
cpe:2.3:a:siemens:simatic_rf185c__6gt2002-0je10_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf186c__6gt2002-0je20_
siemens
|
cpe:2.3:a:siemens:simatic_rf186c__6gt2002-0je20_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf186ci__6gt2002-0je50_
siemens
|
cpe:2.3:a:siemens:simatic_rf186ci__6gt2002-0je50_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf188c__6gt2002-0je40_
siemens
|
cpe:2.3:a:siemens:simatic_rf188c__6gt2002-0je40_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf188ci__6gt2002-0je60_
siemens
|
cpe:2.3:a:siemens:simatic_rf188ci__6gt2002-0je60_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf360r__6gt2801-5ba30_
siemens
|
cpe:2.3:a:siemens:simatic_rf360r__6gt2801-5ba30_:*:*:*:*:*:*:*:*
|
— |
CWE-703
- Improper Check or Handling of Exceptional Conditions
Affected products
Known affected
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
simatic_reader_rf610r_cmiit
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_cmiit:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf610r_etsi
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_etsi:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf610r_fcc
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_fcc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_cmiit
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_cmiit:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_etsi
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_etsi:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_fcc
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_fcc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_arib
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_arib:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_cmiit
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_cmiit:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_etsi
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_etsi:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_fcc
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_fcc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_arib
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_arib:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_cmiit
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_cmiit:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_etsi
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_etsi:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_fcc
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_fcc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_arib
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_arib:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_cmiit
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_cmiit:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_etsi
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_etsi:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_fcc
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_fcc:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf1140r
siemens
|
cpe:2.3:a:siemens:simatic_rf1140r:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf1170r
siemens
|
cpe:2.3:a:siemens:simatic_rf1170r:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf166c
siemens
|
cpe:2.3:a:siemens:simatic_rf166c:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf185c
siemens
|
cpe:2.3:a:siemens:simatic_rf185c:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf186c
siemens
|
cpe:2.3:a:siemens:simatic_rf186c:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf186ci
siemens
|
cpe:2.3:a:siemens:simatic_rf186ci:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf188c
siemens
|
cpe:2.3:a:siemens:simatic_rf188c:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf188ci
siemens
|
cpe:2.3:a:siemens:simatic_rf188ci:0:*:*:*:*:*:*:*
|
— | |
|
simatic_rf360r
siemens
|
cpe:2.3:a:siemens:simatic_rf360r:0:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf610r_cmiit__6gt2811-6bc10-2aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_cmiit__6gt2811-6bc10-2aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf610r_etsi__6gt2811-6bc10-0aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_etsi__6gt2811-6bc10-0aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf610r_fcc__6gt2811-6bc10-1aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf610r_fcc__6gt2811-6bc10-1aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_cmiit__6gt2811-6cc10-2aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_cmiit__6gt2811-6cc10-2aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_etsi__6gt2811-6cc10-0aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_etsi__6gt2811-6cc10-0aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf615r_fcc__6gt2811-6cc10-1aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf615r_fcc__6gt2811-6cc10-1aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_arib__6gt2811-6ab20-4aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_arib__6gt2811-6ab20-4aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_cmiit__6gt2811-6ab20-2aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_cmiit__6gt2811-6ab20-2aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_etsi__6gt2811-6ab20-0aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_etsi__6gt2811-6ab20-0aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf650r_fcc__6gt2811-6ab20-1aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf650r_fcc__6gt2811-6ab20-1aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_arib__6gt2811-6aa10-4aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_arib__6gt2811-6aa10-4aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_cmiit__6gt2811-6aa10-2aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_cmiit__6gt2811-6aa10-2aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_etsi__6gt2811-6aa10-0aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_etsi__6gt2811-6aa10-0aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf680r_fcc__6gt2811-6aa10-1aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf680r_fcc__6gt2811-6aa10-1aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_arib__6gt2811-6ca10-4aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_arib__6gt2811-6ca10-4aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_cmiit__6gt2811-6ca10-2aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_cmiit__6gt2811-6ca10-2aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_etsi__6gt2811-6ca10-0aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_etsi__6gt2811-6ca10-0aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_reader_rf685r_fcc__6gt2811-6ca10-1aa0_
siemens
|
cpe:2.3:a:siemens:simatic_reader_rf685r_fcc__6gt2811-6ca10-1aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf1140r__6gt2831-6cb00_
siemens
|
cpe:2.3:a:siemens:simatic_rf1140r__6gt2831-6cb00_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf1170r__6gt2831-6bb00_
siemens
|
cpe:2.3:a:siemens:simatic_rf1170r__6gt2831-6bb00_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf166c__6gt2002-0ee20_
siemens
|
cpe:2.3:a:siemens:simatic_rf166c__6gt2002-0ee20_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf185c__6gt2002-0je10_
siemens
|
cpe:2.3:a:siemens:simatic_rf185c__6gt2002-0je10_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf186c__6gt2002-0je20_
siemens
|
cpe:2.3:a:siemens:simatic_rf186c__6gt2002-0je20_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf186ci__6gt2002-0je50_
siemens
|
cpe:2.3:a:siemens:simatic_rf186ci__6gt2002-0je50_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf188c__6gt2002-0je40_
siemens
|
cpe:2.3:a:siemens:simatic_rf188c__6gt2002-0je40_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf188ci__6gt2002-0je60_
siemens
|
cpe:2.3:a:siemens:simatic_rf188ci__6gt2002-0je60_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_rf360r__6gt2801-5ba30_
siemens
|
cpe:2.3:a:siemens:simatic_rf360r__6gt2801-5ba30_:*:*:*:*:*:*:*:*
|
— |
7.3 (High)
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
simatic_wincc
siemens
|
cpe:2.3:a:siemens:simatic_wincc:8.0:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc
siemens
|
cpe:2.3:a:siemens:simatic_wincc:runtime_professional_v19:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc
siemens
|
cpe:2.3:a:siemens:simatic_wincc:runtime_professional_v20:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc
siemens
|
cpe:2.3:a:siemens:simatic_wincc:7.4:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc
siemens
|
cpe:2.3:a:siemens:simatic_wincc:7.5:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc
siemens
|
cpe:2.3:a:siemens:simatic_wincc:runtime_professional_v17:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc
siemens
|
cpe:2.3:a:siemens:simatic_wincc:runtime_professional_v18:*:*:*:*:*:*:*
|
— | |
|
ai_model_deployer
siemens
|
cpe:2.3:a:siemens:ai_model_deployer:*:*:*:*:*:*:*:*
|
— | |
|
data_flow_monitoring_industrial_edge_device_user_interface__dfm_ied_ui_
siemens
|
cpe:2.3:a:siemens:data_flow_monitoring_industrial_edge_device_user_interface__dfm_ied_ui_:*:*:*:*:*:*:*:*
|
— | |
|
livetwin_industrial_edge_app__6av2170-0bl00-0aa0_
siemens
|
cpe:2.3:a:siemens:livetwin_industrial_edge_app__6av2170-0bl00-0aa0_:*:*:*:*:*:*:*:*
|
— | |
|
simatic_pcs_neo_v4.1
siemens
|
cpe:2.3:a:siemens:simatic_pcs_neo_v4.1:*:*:*:*:*:*:*:*
|
— | |
|
simatic_pcs_neo_v5.0
siemens
|
cpe:2.3:a:siemens:simatic_pcs_neo_v5.0:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_runtime_professional_v17
siemens
|
cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v17:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_runtime_professional_v18
siemens
|
cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v18:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_runtime_professional_v19
siemens
|
cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v19:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_runtime_professional_v20
siemens
|
cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v20:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_v7.4
siemens
|
cpe:2.3:a:siemens:simatic_wincc_v7.4:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_v7.5
siemens
|
cpe:2.3:a:siemens:simatic_wincc_v7.5:*:*:*:*:*:*:*:*
|
— | |
|
simatic_wincc_v8.0
siemens
|
cpe:2.3:a:siemens:simatic_wincc_v8.0:*:*:*:*:*:*:*:*
|
— | |
|
tia_administrator
siemens
|
cpe:2.3:a:siemens:tia_administrator:*:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:0:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2302
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*
|
— | |
|
tecnomatix_plant_simulation_v2404
siemens
|
cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*
|
— |
CWE-732
- Incorrect Permission Assignment for Critical Resource
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
sinumerik_828d_v4
siemens
|
cpe:2.3:a:siemens:sinumerik_828d_v4:0:*:*:*:*:*:*:*
|
— | |
|
sinumerik_828d_v5
siemens
|
cpe:2.3:a:siemens:sinumerik_828d_v5:0:*:*:*:*:*:*:*
|
— | |
|
sinumerik_840d_sl_v4
siemens
|
cpe:2.3:a:siemens:sinumerik_840d_sl_v4:0:*:*:*:*:*:*:*
|
— | |
|
sinumerik_one
siemens
|
cpe:2.3:a:siemens:sinumerik_one:0:*:*:*:*:*:*:*
|
— | |
|
sinumerik_828d_v4
siemens
|
cpe:2.3:a:siemens:sinumerik_828d_v4:*:*:*:*:*:*:*:*
|
— | |
|
sinumerik_828d_v5
siemens
|
cpe:2.3:a:siemens:sinumerik_828d_v5:*:*:*:*:*:*:*:*
|
— | |
|
sinumerik_840d_sl_v4
siemens
|
cpe:2.3:a:siemens:sinumerik_840d_sl_v4:*:*:*:*:*:*:*:*
|
— | |
|
sinumerik_one
siemens
|
cpe:2.3:a:siemens:sinumerik_one:*:*:*:*:*:*:*:*
|
— |
CWE-532
- Insertion of Sensitive Information into Log File
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
sinema_remote_connect_client
siemens
|
cpe:2.3:a:siemens:sinema_remote_connect_client:0:*:*:*:*:*:*:*
|
— | |
|
sinema_remote_connect_client
siemens
|
cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*
|
— |
CWE-384
- Session Fixation
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
sinema_remote_connect_server
siemens
|
cpe:2.3:a:siemens:sinema_remote_connect_server:0:*:*:*:*:*:*:*
|
— | |
|
sinema_remote_connect_server
siemens
|
cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*
|
— |
CWE-532
- Insertion of Sensitive Information into Log File
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
sinumerik_828d_v4
siemens
|
cpe:2.3:a:siemens:sinumerik_828d_v4:0:*:*:*:*:*:*:*
|
— | |
|
sinumerik_840d_sl_v4
siemens
|
cpe:2.3:a:siemens:sinumerik_840d_sl_v4:0:*:*:*:*:*:*:*
|
— | |
|
sinumerik_one
siemens
|
cpe:2.3:a:siemens:sinumerik_one:0:*:*:*:*:*:*:*
|
— | |
|
sinumerik_828d_v4
siemens
|
cpe:2.3:a:siemens:sinumerik_828d_v4:*:*:*:*:*:*:*:*
|
— | |
|
sinumerik_840d_sl_v4
siemens
|
cpe:2.3:a:siemens:sinumerik_840d_sl_v4:*:*:*:*:*:*:*:*
|
— | |
|
sinumerik_one
siemens
|
cpe:2.3:a:siemens:sinumerik_one:*:*:*:*:*:*:*:*
|
— |
8.6 (High)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
automation_license_manager_v5
siemens
|
cpe:2.3:a:siemens:automation_license_manager_v5:0:*:*:*:*:*:*:*
|
— | |
|
automation_license_manager_v6.0
siemens
|
cpe:2.3:a:siemens:automation_license_manager_v6.0:0:*:*:*:*:*:*:*
|
— | |
|
automation_license_manager_v6.2
siemens
|
cpe:2.3:a:siemens:automation_license_manager_v6.2:0:*:*:*:*:*:*:*
|
— | |
|
automation_license_manager_v5
siemens
|
cpe:2.3:a:siemens:automation_license_manager_v5:*:*:*:*:*:*:*:*
|
— | |
|
automation_license_manager_v6.0
siemens
|
cpe:2.3:a:siemens:automation_license_manager_v6.0:*:*:*:*:*:*:*:*
|
— | |
|
automation_license_manager_v6.2
siemens
|
cpe:2.3:a:siemens:automation_license_manager_v6.2:*:*:*:*:*:*:*:*
|
— |
10.0 (Critical)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
industrial_edge_management_pro
siemens
|
cpe:2.3:a:siemens:industrial_edge_management_pro:0:*:*:*:*:*:*:*
|
— | |
|
industrial_edge_management_virtual
siemens
|
cpe:2.3:a:siemens:industrial_edge_management_virtual:0:*:*:*:*:*:*:*
|
— | |
|
industrial_edge_management_pro
siemens
|
cpe:2.3:a:siemens:industrial_edge_management_pro:*:*:*:*:*:*:*:*
|
— | |
|
industrial_edge_management_virtual
siemens
|
cpe:2.3:a:siemens:industrial_edge_management_virtual:*:*:*:*:*:*:*:*
|
— |
References
43 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Siemens heeft kwetsbaarheden verholpen in diverse producten als Mendix, SICAM, SIMATIC, SINEMA, SINUMERIK en Tecnomatix.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- Omzeilen van authenticatie\n- (Remote) code execution (Administrator/Root rechten)\n- (Remote) code execution (Gebruikersrechten)\n- Toegang tot systeemgegevens\n- Verhoogde gebruikersrechten\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico\u0027s zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Misinterpretation of Input",
"title": "CWE-115"
},
{
"category": "general",
"text": "Hidden Functionality",
"title": "CWE-912"
},
{
"category": "general",
"text": "Signal Handler Race Condition",
"title": "CWE-364"
},
{
"category": "general",
"text": "Missing Release of Resource after Effective Lifetime",
"title": "CWE-772"
},
{
"category": "general",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
},
{
"category": "general",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
},
{
"category": "general",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "general",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
},
{
"category": "general",
"text": "Cleartext Transmission of Sensitive Information",
"title": "CWE-319"
},
{
"category": "general",
"text": "Insufficient Session Expiration",
"title": "CWE-613"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
},
{
"category": "general",
"text": "Observable Response Discrepancy",
"title": "CWE-204"
},
{
"category": "general",
"text": "Authorization Bypass Through User-Controlled Key",
"title": "CWE-639"
},
{
"category": "general",
"text": "Execution with Unnecessary Privileges",
"title": "CWE-250"
},
{
"category": "general",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Session Fixation",
"title": "CWE-384"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-039007.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-097435.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-097786.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-103653.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-342438.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-359713.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-417159.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-423808.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-427715.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-446545.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-629254.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-673996.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-765405.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-773256.pdf"
},
{
"category": "external",
"summary": "Reference - ncscclear",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-869574.pdf"
}
],
"title": "Kwetsbaarheden verholpen in Siemens producten",
"tracking": {
"current_release_date": "2024-09-10T18:20:41.668720Z",
"id": "NCSC-2024-0362",
"initial_release_date": "2024-09-10T18:20:41.668720Z",
"revision_history": [
{
"date": "2024-09-10T18:20:41.668720Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "ai_model_deployer",
"product": {
"name": "ai_model_deployer",
"product_id": "CSAFPID-1637884",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:ai_model_deployer:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "automation_license_manager_v5",
"product": {
"name": "automation_license_manager_v5",
"product_id": "CSAFPID-1637629",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:automation_license_manager_v5:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "automation_license_manager_v5",
"product": {
"name": "automation_license_manager_v5",
"product_id": "CSAFPID-1553852",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:automation_license_manager_v5:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "automation_license_manager_v6.0",
"product": {
"name": "automation_license_manager_v6.0",
"product_id": "CSAFPID-1637630",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:automation_license_manager_v6.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "automation_license_manager_v6.0",
"product": {
"name": "automation_license_manager_v6.0",
"product_id": "CSAFPID-1637609",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:automation_license_manager_v6.0:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "automation_license_manager_v6.2",
"product": {
"name": "automation_license_manager_v6.2",
"product_id": "CSAFPID-1637631",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:automation_license_manager_v6.2:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "automation_license_manager_v6.2",
"product": {
"name": "automation_license_manager_v6.2",
"product_id": "CSAFPID-1637610",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:automation_license_manager_v6.2:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "data_flow_monitoring_industrial_edge_device_user_interface__dfm_ied_ui_",
"product": {
"name": "data_flow_monitoring_industrial_edge_device_user_interface__dfm_ied_ui_",
"product_id": "CSAFPID-1637885",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:data_flow_monitoring_industrial_edge_device_user_interface__dfm_ied_ui_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "eti5_ethernet_int._1x100tx_iec61850",
"product": {
"name": "eti5_ethernet_int._1x100tx_iec61850",
"product_id": "CSAFPID-1637840",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:eti5_ethernet_int._1x100tx_iec61850:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "industrial_edge_management_os__iem-os_",
"product": {
"name": "industrial_edge_management_os__iem-os_",
"product_id": "CSAFPID-1637818",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:industrial_edge_management_os__iem-os_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "industrial_edge_management_pro",
"product": {
"name": "industrial_edge_management_pro",
"product_id": "CSAFPID-1637809",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:industrial_edge_management_pro:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "industrial_edge_management_pro",
"product": {
"name": "industrial_edge_management_pro",
"product_id": "CSAFPID-1637611",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:industrial_edge_management_pro:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "industrial_edge_management_virtual",
"product": {
"name": "industrial_edge_management_virtual",
"product_id": "CSAFPID-1637810",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:industrial_edge_management_virtual:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "industrial_edge_management_virtual",
"product": {
"name": "industrial_edge_management_virtual",
"product_id": "CSAFPID-1637612",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:industrial_edge_management_virtual:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "livetwin_industrial_edge_app__6av2170-0bl00-0aa0_",
"product": {
"name": "livetwin_industrial_edge_app__6av2170-0bl00-0aa0_",
"product_id": "CSAFPID-1637886",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:livetwin_industrial_edge_app__6av2170-0bl00-0aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v10.12",
"product": {
"name": "mendix_runtime_v10.12",
"product_id": "CSAFPID-1637623",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v10.12:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v10.12",
"product": {
"name": "mendix_runtime_v10.12",
"product_id": "CSAFPID-1637566",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v10.12:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v10.6",
"product": {
"name": "mendix_runtime_v10.6",
"product_id": "CSAFPID-1637624",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v10.6:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v10.6",
"product": {
"name": "mendix_runtime_v10.6",
"product_id": "CSAFPID-1637567",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v10.6:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v10",
"product": {
"name": "mendix_runtime_v10",
"product_id": "CSAFPID-1637622",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v10:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v10",
"product": {
"name": "mendix_runtime_v10",
"product_id": "CSAFPID-1637565",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v10:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v8",
"product": {
"name": "mendix_runtime_v8",
"product_id": "CSAFPID-1637625",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v8:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v8",
"product": {
"name": "mendix_runtime_v8",
"product_id": "CSAFPID-1637568",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v8:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v9",
"product": {
"name": "mendix_runtime_v9",
"product_id": "CSAFPID-1637626",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v9:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "mendix_runtime_v9",
"product": {
"name": "mendix_runtime_v9",
"product_id": "CSAFPID-1637569",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:mendix_runtime_v9:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sicam_scc",
"product": {
"name": "sicam_scc",
"product_id": "CSAFPID-1637841",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sicam_scc:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sicam_scc__10.0",
"product": {
"name": "sicam_scc__10.0",
"product_id": "CSAFPID-1637471",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sicam_scc__10.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_batch_v9.1",
"product": {
"name": "simatic_batch_v9.1",
"product_id": "CSAFPID-1625340",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_batch_v9.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_batch_v9.1",
"product": {
"name": "simatic_batch_v9.1",
"product_id": "CSAFPID-1470063",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_batch_v9.1:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1242-7_v2__incl._siplus_variants_",
"product": {
"name": "simatic_cp_1242-7_v2__incl._siplus_variants_",
"product_id": "CSAFPID-1637811",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1242-7_v2__incl._siplus_variants_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1242-7_v2__incl._siplus_variants_",
"product": {
"name": "simatic_cp_1242-7_v2__incl._siplus_variants_",
"product_id": "CSAFPID-1476332",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1242-7_v2__incl._siplus_variants_:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-1__incl._siplus_variants_",
"product": {
"name": "simatic_cp_1243-1__incl._siplus_variants_",
"product_id": "CSAFPID-1637649",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-1__incl._siplus_variants_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-1__incl._siplus_variants_",
"product": {
"name": "simatic_cp_1243-1__incl._siplus_variants_",
"product_id": "CSAFPID-1476333",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-1__incl._siplus_variants_:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-1_dnp3__incl._siplus_variants_",
"product": {
"name": "simatic_cp_1243-1_dnp3__incl._siplus_variants_",
"product_id": "CSAFPID-1637650",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-1_dnp3__incl._siplus_variants_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-1_dnp3__incl._siplus_variants_",
"product": {
"name": "simatic_cp_1243-1_dnp3__incl._siplus_variants_",
"product_id": "CSAFPID-1476082",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-1_dnp3__incl._siplus_variants_:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-1_iec__incl._siplus_variants_",
"product": {
"name": "simatic_cp_1243-1_iec__incl._siplus_variants_",
"product_id": "CSAFPID-1637651",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-1_iec__incl._siplus_variants_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-1_iec__incl._siplus_variants_",
"product": {
"name": "simatic_cp_1243-1_iec__incl._siplus_variants_",
"product_id": "CSAFPID-1476083",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-1_iec__incl._siplus_variants_:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-7_lte",
"product": {
"name": "simatic_cp_1243-7_lte",
"product_id": "CSAFPID-1637812",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-7_lte:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-7_lte",
"product": {
"name": "simatic_cp_1243-7_lte",
"product_id": "CSAFPID-1476334",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-7_lte:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-8_irc",
"product": {
"name": "simatic_cp_1243-8_irc",
"product_id": "CSAFPID-1476086",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-8_irc:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_cp_1243-8_irc__6gk7243-8rx30-0xe0_",
"product": {
"name": "simatic_cp_1243-8_irc__6gk7243-8rx30-0xe0_",
"product_id": "CSAFPID-1637652",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_cp_1243-8_irc__6gk7243-8rx30-0xe0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_hmi_comfort_panels__incl._siplus_variants_",
"product": {
"name": "simatic_hmi_comfort_panels__incl._siplus_variants_",
"product_id": "CSAFPID-1637813",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_hmi_comfort_panels__incl._siplus_variants_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_hmi_comfort_panels__incl._siplus_variants_",
"product": {
"name": "simatic_hmi_comfort_panels__incl._siplus_variants_",
"product_id": "CSAFPID-1637557",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_hmi_comfort_panels__incl._siplus_variants_:all_versions:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_information_server_2020",
"product": {
"name": "simatic_information_server_2020",
"product_id": "CSAFPID-1637837",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_information_server_2020:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_information_server_2020",
"product": {
"name": "simatic_information_server_2020",
"product_id": "CSAFPID-1637574",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_information_server_2020:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_information_server_2022",
"product": {
"name": "simatic_information_server_2022",
"product_id": "CSAFPID-1637613",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_information_server_2022:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_information_server_2022",
"product": {
"name": "simatic_information_server_2022",
"product_id": "CSAFPID-1637570",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_information_server_2022:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_information_server_2024",
"product": {
"name": "simatic_information_server_2024",
"product_id": "CSAFPID-1637614",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_information_server_2024:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_information_server_2024",
"product": {
"name": "simatic_information_server_2024",
"product_id": "CSAFPID-1637571",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_information_server_2024:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_ipc_diagbase",
"product": {
"name": "simatic_ipc_diagbase",
"product_id": "CSAFPID-1637619",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_ipc_diagbase:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_ipc_diagbase",
"product": {
"name": "simatic_ipc_diagbase",
"product_id": "CSAFPID-1497078",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_ipc_diagbase:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_ipc_diagmonitor",
"product": {
"name": "simatic_ipc_diagmonitor",
"product_id": "CSAFPID-744729",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_ipc_diagmonitor:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_ipc_diagmonitor",
"product": {
"name": "simatic_ipc_diagmonitor",
"product_id": "CSAFPID-1457904",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_ipc_diagmonitor:all_versions:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_pcs_7_v9.1",
"product": {
"name": "simatic_pcs_7_v9.1",
"product_id": "CSAFPID-1501190",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_pcs_7_v9.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_pcs_7_v9.1",
"product": {
"name": "simatic_pcs_7_v9.1",
"product_id": "CSAFPID-1457909",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_pcs_7_v9.1:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_pcs_neo_v4.0",
"product": {
"name": "simatic_pcs_neo_v4.0",
"product_id": "CSAFPID-1637615",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_pcs_neo_v4.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_pcs_neo_v4.0",
"product": {
"name": "simatic_pcs_neo_v4.0",
"product_id": "CSAFPID-1496915",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_pcs_neo_v4.0:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_pcs_neo_v4.1",
"product": {
"name": "simatic_pcs_neo_v4.1",
"product_id": "CSAFPID-1637616",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_pcs_neo_v4.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_pcs_neo_v4.1",
"product": {
"name": "simatic_pcs_neo_v4.1",
"product_id": "CSAFPID-1637572",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_pcs_neo_v4.1:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_pcs_neo_v5.0",
"product": {
"name": "simatic_pcs_neo_v5.0",
"product_id": "CSAFPID-1637617",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_pcs_neo_v5.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_pcs_neo_v5.0",
"product": {
"name": "simatic_pcs_neo_v5.0",
"product_id": "CSAFPID-1637573",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_pcs_neo_v5.0:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_process_historian_2020",
"product": {
"name": "simatic_process_historian_2020",
"product_id": "CSAFPID-1637838",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_process_historian_2020:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_process_historian_2020",
"product": {
"name": "simatic_process_historian_2020",
"product_id": "CSAFPID-1637575",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_process_historian_2020:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_process_historian_2022",
"product": {
"name": "simatic_process_historian_2022",
"product_id": "CSAFPID-1637839",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_process_historian_2022:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_process_historian_2022",
"product": {
"name": "simatic_process_historian_2022",
"product_id": "CSAFPID-1637576",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_process_historian_2022:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf610r_cmiit",
"product": {
"name": "simatic_reader_rf610r_cmiit",
"product_id": "CSAFPID-1637577",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf610r_cmiit:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf610r_cmiit__6gt2811-6bc10-2aa0_",
"product": {
"name": "simatic_reader_rf610r_cmiit__6gt2811-6bc10-2aa0_",
"product_id": "CSAFPID-1637857",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf610r_cmiit__6gt2811-6bc10-2aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf610r_etsi",
"product": {
"name": "simatic_reader_rf610r_etsi",
"product_id": "CSAFPID-1637578",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf610r_etsi:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf610r_etsi__6gt2811-6bc10-0aa0_",
"product": {
"name": "simatic_reader_rf610r_etsi__6gt2811-6bc10-0aa0_",
"product_id": "CSAFPID-1637858",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf610r_etsi__6gt2811-6bc10-0aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf610r_fcc",
"product": {
"name": "simatic_reader_rf610r_fcc",
"product_id": "CSAFPID-1637579",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf610r_fcc:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf610r_fcc__6gt2811-6bc10-1aa0_",
"product": {
"name": "simatic_reader_rf610r_fcc__6gt2811-6bc10-1aa0_",
"product_id": "CSAFPID-1637859",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf610r_fcc__6gt2811-6bc10-1aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf615r_cmiit",
"product": {
"name": "simatic_reader_rf615r_cmiit",
"product_id": "CSAFPID-1637580",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf615r_cmiit:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf615r_cmiit__6gt2811-6cc10-2aa0_",
"product": {
"name": "simatic_reader_rf615r_cmiit__6gt2811-6cc10-2aa0_",
"product_id": "CSAFPID-1637860",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf615r_cmiit__6gt2811-6cc10-2aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf615r_etsi",
"product": {
"name": "simatic_reader_rf615r_etsi",
"product_id": "CSAFPID-1637581",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf615r_etsi:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf615r_etsi__6gt2811-6cc10-0aa0_",
"product": {
"name": "simatic_reader_rf615r_etsi__6gt2811-6cc10-0aa0_",
"product_id": "CSAFPID-1637861",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf615r_etsi__6gt2811-6cc10-0aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf615r_fcc",
"product": {
"name": "simatic_reader_rf615r_fcc",
"product_id": "CSAFPID-1637582",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf615r_fcc:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf615r_fcc__6gt2811-6cc10-1aa0_",
"product": {
"name": "simatic_reader_rf615r_fcc__6gt2811-6cc10-1aa0_",
"product_id": "CSAFPID-1637862",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf615r_fcc__6gt2811-6cc10-1aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf650r_arib",
"product": {
"name": "simatic_reader_rf650r_arib",
"product_id": "CSAFPID-1637583",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_arib:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf650r_arib__6gt2811-6ab20-4aa0_",
"product": {
"name": "simatic_reader_rf650r_arib__6gt2811-6ab20-4aa0_",
"product_id": "CSAFPID-1637863",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_arib__6gt2811-6ab20-4aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf650r_cmiit",
"product": {
"name": "simatic_reader_rf650r_cmiit",
"product_id": "CSAFPID-1637584",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_cmiit:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf650r_cmiit__6gt2811-6ab20-2aa0_",
"product": {
"name": "simatic_reader_rf650r_cmiit__6gt2811-6ab20-2aa0_",
"product_id": "CSAFPID-1637864",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_cmiit__6gt2811-6ab20-2aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf650r_etsi",
"product": {
"name": "simatic_reader_rf650r_etsi",
"product_id": "CSAFPID-1637585",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_etsi:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf650r_etsi__6gt2811-6ab20-0aa0_",
"product": {
"name": "simatic_reader_rf650r_etsi__6gt2811-6ab20-0aa0_",
"product_id": "CSAFPID-1637865",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_etsi__6gt2811-6ab20-0aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf650r_fcc",
"product": {
"name": "simatic_reader_rf650r_fcc",
"product_id": "CSAFPID-1637586",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_fcc:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf650r_fcc__6gt2811-6ab20-1aa0_",
"product": {
"name": "simatic_reader_rf650r_fcc__6gt2811-6ab20-1aa0_",
"product_id": "CSAFPID-1637866",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf650r_fcc__6gt2811-6ab20-1aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf680r_arib",
"product": {
"name": "simatic_reader_rf680r_arib",
"product_id": "CSAFPID-1637587",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_arib:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf680r_arib__6gt2811-6aa10-4aa0_",
"product": {
"name": "simatic_reader_rf680r_arib__6gt2811-6aa10-4aa0_",
"product_id": "CSAFPID-1637867",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_arib__6gt2811-6aa10-4aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf680r_cmiit",
"product": {
"name": "simatic_reader_rf680r_cmiit",
"product_id": "CSAFPID-1637588",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_cmiit:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf680r_cmiit__6gt2811-6aa10-2aa0_",
"product": {
"name": "simatic_reader_rf680r_cmiit__6gt2811-6aa10-2aa0_",
"product_id": "CSAFPID-1637868",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_cmiit__6gt2811-6aa10-2aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf680r_etsi",
"product": {
"name": "simatic_reader_rf680r_etsi",
"product_id": "CSAFPID-1637589",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_etsi:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf680r_etsi__6gt2811-6aa10-0aa0_",
"product": {
"name": "simatic_reader_rf680r_etsi__6gt2811-6aa10-0aa0_",
"product_id": "CSAFPID-1637869",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_etsi__6gt2811-6aa10-0aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf680r_fcc",
"product": {
"name": "simatic_reader_rf680r_fcc",
"product_id": "CSAFPID-1637590",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_fcc:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf680r_fcc__6gt2811-6aa10-1aa0_",
"product": {
"name": "simatic_reader_rf680r_fcc__6gt2811-6aa10-1aa0_",
"product_id": "CSAFPID-1637870",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf680r_fcc__6gt2811-6aa10-1aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf685r_arib",
"product": {
"name": "simatic_reader_rf685r_arib",
"product_id": "CSAFPID-1637591",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_arib:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf685r_arib__6gt2811-6ca10-4aa0_",
"product": {
"name": "simatic_reader_rf685r_arib__6gt2811-6ca10-4aa0_",
"product_id": "CSAFPID-1637871",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_arib__6gt2811-6ca10-4aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf685r_cmiit",
"product": {
"name": "simatic_reader_rf685r_cmiit",
"product_id": "CSAFPID-1637592",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_cmiit:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf685r_cmiit__6gt2811-6ca10-2aa0_",
"product": {
"name": "simatic_reader_rf685r_cmiit__6gt2811-6ca10-2aa0_",
"product_id": "CSAFPID-1637872",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_cmiit__6gt2811-6ca10-2aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf685r_etsi",
"product": {
"name": "simatic_reader_rf685r_etsi",
"product_id": "CSAFPID-1637593",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_etsi:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf685r_etsi__6gt2811-6ca10-0aa0_",
"product": {
"name": "simatic_reader_rf685r_etsi__6gt2811-6ca10-0aa0_",
"product_id": "CSAFPID-1637873",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_etsi__6gt2811-6ca10-0aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf685r_fcc",
"product": {
"name": "simatic_reader_rf685r_fcc",
"product_id": "CSAFPID-1637594",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_fcc:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_reader_rf685r_fcc__6gt2811-6ca10-1aa0_",
"product": {
"name": "simatic_reader_rf685r_fcc__6gt2811-6ca10-1aa0_",
"product_id": "CSAFPID-1637874",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_reader_rf685r_fcc__6gt2811-6ca10-1aa0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf1140r",
"product": {
"name": "simatic_rf1140r",
"product_id": "CSAFPID-1637595",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf1140r:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf1140r__6gt2831-6cb00_",
"product": {
"name": "simatic_rf1140r__6gt2831-6cb00_",
"product_id": "CSAFPID-1637875",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf1140r__6gt2831-6cb00_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf1170r",
"product": {
"name": "simatic_rf1170r",
"product_id": "CSAFPID-1637596",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf1170r:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf1170r__6gt2831-6bb00_",
"product": {
"name": "simatic_rf1170r__6gt2831-6bb00_",
"product_id": "CSAFPID-1637876",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf1170r__6gt2831-6bb00_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf166c",
"product": {
"name": "simatic_rf166c",
"product_id": "CSAFPID-1637597",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf166c:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf166c__6gt2002-0ee20_",
"product": {
"name": "simatic_rf166c__6gt2002-0ee20_",
"product_id": "CSAFPID-1637877",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf166c__6gt2002-0ee20_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf185c",
"product": {
"name": "simatic_rf185c",
"product_id": "CSAFPID-1637598",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf185c:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf185c__6gt2002-0je10_",
"product": {
"name": "simatic_rf185c__6gt2002-0je10_",
"product_id": "CSAFPID-1637878",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf185c__6gt2002-0je10_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf186c",
"product": {
"name": "simatic_rf186c",
"product_id": "CSAFPID-1637599",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf186c:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf186c__6gt2002-0je20_",
"product": {
"name": "simatic_rf186c__6gt2002-0je20_",
"product_id": "CSAFPID-1637879",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf186c__6gt2002-0je20_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf186ci",
"product": {
"name": "simatic_rf186ci",
"product_id": "CSAFPID-1637600",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf186ci:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf186ci__6gt2002-0je50_",
"product": {
"name": "simatic_rf186ci__6gt2002-0je50_",
"product_id": "CSAFPID-1637880",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf186ci__6gt2002-0je50_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf188c",
"product": {
"name": "simatic_rf188c",
"product_id": "CSAFPID-1637601",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf188c:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf188c__6gt2002-0je40_",
"product": {
"name": "simatic_rf188c__6gt2002-0je40_",
"product_id": "CSAFPID-1637881",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf188c__6gt2002-0je40_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf188ci",
"product": {
"name": "simatic_rf188ci",
"product_id": "CSAFPID-1637602",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf188ci:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf188ci__6gt2002-0je60_",
"product": {
"name": "simatic_rf188ci__6gt2002-0je60_",
"product_id": "CSAFPID-1637882",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf188ci__6gt2002-0je60_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf360r",
"product": {
"name": "simatic_rf360r",
"product_id": "CSAFPID-1637603",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf360r:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_rf360r__6gt2801-5ba30_",
"product": {
"name": "simatic_rf360r__6gt2801-5ba30_",
"product_id": "CSAFPID-1637883",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_rf360r__6gt2801-5ba30_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_",
"product": {
"name": "simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_",
"product_id": "CSAFPID-1615260",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ab0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_",
"product": {
"name": "simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_",
"product_id": "CSAFPID-1615261",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518-4_pn_dp_mfp__6es7518-4ax00-1ac0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_",
"product": {
"name": "simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_",
"product_id": "CSAFPID-1615262",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ab0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_",
"product": {
"name": "simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_",
"product_id": "CSAFPID-1615263",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_s7-1500_cpu_1518f-4_pn_dp_mfp__6es7518-4fx00-1ac0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc",
"product": {
"name": "simatic_wincc",
"product_id": "CSAFPID-165973",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc:7.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc",
"product": {
"name": "simatic_wincc",
"product_id": "CSAFPID-186768",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc:7.5:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc",
"product": {
"name": "simatic_wincc",
"product_id": "CSAFPID-855579",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc:8.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc",
"product": {
"name": "simatic_wincc",
"product_id": "CSAFPID-1637479",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc:runtime_advanced:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc",
"product": {
"name": "simatic_wincc",
"product_id": "CSAFPID-1637482",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc:runtime_professional_v17:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc",
"product": {
"name": "simatic_wincc",
"product_id": "CSAFPID-1637483",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc:runtime_professional_v18:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc",
"product": {
"name": "simatic_wincc",
"product_id": "CSAFPID-1637480",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc:runtime_professional_v19:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc",
"product": {
"name": "simatic_wincc",
"product_id": "CSAFPID-1637481",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc:runtime_professional_v20:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_runtime_advanced",
"product": {
"name": "simatic_wincc_runtime_advanced",
"product_id": "CSAFPID-766087",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_runtime_advanced",
"product": {
"name": "simatic_wincc_runtime_advanced",
"product_id": "CSAFPID-1637558",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_advanced:all_versions:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_runtime_professional_v17",
"product": {
"name": "simatic_wincc_runtime_professional_v17",
"product_id": "CSAFPID-1637887",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v17:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_runtime_professional_v18",
"product": {
"name": "simatic_wincc_runtime_professional_v18",
"product_id": "CSAFPID-1501188",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v18:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_runtime_professional_v18",
"product": {
"name": "simatic_wincc_runtime_professional_v18",
"product_id": "CSAFPID-1457962",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v18:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_runtime_professional_v19",
"product": {
"name": "simatic_wincc_runtime_professional_v19",
"product_id": "CSAFPID-1501192",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v19:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_runtime_professional_v19",
"product": {
"name": "simatic_wincc_runtime_professional_v19",
"product_id": "CSAFPID-1457963",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v19:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_runtime_professional_v20",
"product": {
"name": "simatic_wincc_runtime_professional_v20",
"product_id": "CSAFPID-1637888",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_runtime_professional_v20:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_v7.4",
"product": {
"name": "simatic_wincc_v7.4",
"product_id": "CSAFPID-1501193",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_v7.4:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_v7.4",
"product": {
"name": "simatic_wincc_v7.4",
"product_id": "CSAFPID-1457965",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_v7.4:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_v7.5",
"product": {
"name": "simatic_wincc_v7.5",
"product_id": "CSAFPID-1501191",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_v7.5:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_v7.5",
"product": {
"name": "simatic_wincc_v7.5",
"product_id": "CSAFPID-1457966",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_v7.5:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_v8.0",
"product": {
"name": "simatic_wincc_v8.0",
"product_id": "CSAFPID-1501189",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_v8.0:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "simatic_wincc_v8.0",
"product": {
"name": "simatic_wincc_v8.0",
"product_id": "CSAFPID-1457967",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:simatic_wincc_v8.0:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinec_nms",
"product": {
"name": "sinec_nms",
"product_id": "CSAFPID-309392",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinec_nms",
"product": {
"name": "sinec_nms",
"product_id": "CSAFPID-1458012",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinec_nms:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinema_remote_connect_client",
"product": {
"name": "sinema_remote_connect_client",
"product_id": "CSAFPID-894438",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinema_remote_connect_client",
"product": {
"name": "sinema_remote_connect_client",
"product_id": "CSAFPID-1494867",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinema_remote_connect_client:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinema_remote_connect_server",
"product": {
"name": "sinema_remote_connect_server",
"product_id": "CSAFPID-218852",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinema_remote_connect_server",
"product": {
"name": "sinema_remote_connect_server",
"product_id": "CSAFPID-1496914",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinema_remote_connect_server:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinumerik_828d_v4",
"product": {
"name": "sinumerik_828d_v4",
"product_id": "CSAFPID-1637627",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinumerik_828d_v4:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinumerik_828d_v4",
"product": {
"name": "sinumerik_828d_v4",
"product_id": "CSAFPID-1637606",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinumerik_828d_v4:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinumerik_828d_v5",
"product": {
"name": "sinumerik_828d_v5",
"product_id": "CSAFPID-1637762",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinumerik_828d_v5:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinumerik_828d_v5",
"product": {
"name": "sinumerik_828d_v5",
"product_id": "CSAFPID-1637607",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinumerik_828d_v5:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinumerik_840d_sl_v4",
"product": {
"name": "sinumerik_840d_sl_v4",
"product_id": "CSAFPID-1637628",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinumerik_840d_sl_v4:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinumerik_840d_sl_v4",
"product": {
"name": "sinumerik_840d_sl_v4",
"product_id": "CSAFPID-1637608",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinumerik_840d_sl_v4:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinumerik_one",
"product": {
"name": "sinumerik_one",
"product_id": "CSAFPID-455030",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinumerik_one:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sinumerik_one",
"product": {
"name": "sinumerik_one",
"product_id": "CSAFPID-1457969",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sinumerik_one:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_",
"product": {
"name": "siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_",
"product_id": "CSAFPID-1615264",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siplus_s7-1500_cpu_1518-4_pn_dp_mfp__6ag1518-4ax00-4ac0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siplus_tim_1531_irc",
"product": {
"name": "siplus_tim_1531_irc",
"product_id": "CSAFPID-1476100",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siplus_tim_1531_irc:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siplus_tim_1531_irc__6ag1543-1mx00-7xe0_",
"product": {
"name": "siplus_tim_1531_irc__6ag1543-1mx00-7xe0_",
"product_id": "CSAFPID-1637814",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:siplus_tim_1531_irc__6ag1543-1mx00-7xe0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sitipe_at",
"product": {
"name": "sitipe_at",
"product_id": "CSAFPID-1637842",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:sitipe_at:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation_v2302",
"product": {
"name": "tecnomatix_plant_simulation_v2302",
"product_id": "CSAFPID-1637816",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation_v2302",
"product": {
"name": "tecnomatix_plant_simulation_v2302",
"product_id": "CSAFPID-1465025",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2302:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation_v2404",
"product": {
"name": "tecnomatix_plant_simulation_v2404",
"product_id": "CSAFPID-1637817",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tecnomatix_plant_simulation_v2404",
"product": {
"name": "tecnomatix_plant_simulation_v2404",
"product_id": "CSAFPID-1476361",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tecnomatix_plant_simulation_v2404:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tia_administrator",
"product": {
"name": "tia_administrator",
"product_id": "CSAFPID-766096",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tia_administrator:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tia_portal",
"product": {
"name": "tia_portal",
"product_id": "CSAFPID-1637472",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tia_portal:v16:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tia_portal__v17_update_8",
"product": {
"name": "tia_portal__v17_update_8",
"product_id": "CSAFPID-1637474",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tia_portal__v17_update_8:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tia_portal_umc__v2.13.1",
"product": {
"name": "tia_portal_umc__v2.13.1",
"product_id": "CSAFPID-1637473",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tia_portal_umc__v2.13.1:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tim_1531_irc",
"product": {
"name": "tim_1531_irc",
"product_id": "CSAFPID-1476101",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tim_1531_irc:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "tim_1531_irc__6gk7543-1mx00-0xe0_",
"product": {
"name": "tim_1531_irc__6gk7543-1mx00-0xe0_",
"product_id": "CSAFPID-1637815",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:tim_1531_irc__6gk7543-1mx00-0xe0_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "totally_integrated_automation_portal__tia_portal__v16",
"product": {
"name": "totally_integrated_automation_portal__tia_portal__v16",
"product_id": "CSAFPID-1615256",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v16:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "totally_integrated_automation_portal__tia_portal__v16",
"product": {
"name": "totally_integrated_automation_portal__tia_portal__v16",
"product_id": "CSAFPID-1458015",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v16:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "totally_integrated_automation_portal__tia_portal__v17",
"product": {
"name": "totally_integrated_automation_portal__tia_portal__v17",
"product_id": "CSAFPID-1615257",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v17:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "totally_integrated_automation_portal__tia_portal__v17",
"product": {
"name": "totally_integrated_automation_portal__tia_portal__v17",
"product_id": "CSAFPID-1458016",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v17:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "totally_integrated_automation_portal__tia_portal__v18",
"product": {
"name": "totally_integrated_automation_portal__tia_portal__v18",
"product_id": "CSAFPID-1615258",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v18:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "totally_integrated_automation_portal__tia_portal__v18",
"product": {
"name": "totally_integrated_automation_portal__tia_portal__v18",
"product_id": "CSAFPID-1458017",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v18:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "totally_integrated_automation_portal__tia_portal__v19",
"product": {
"name": "totally_integrated_automation_portal__tia_portal__v19",
"product_id": "CSAFPID-1637618",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v19:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "totally_integrated_automation_portal__tia_portal__v19",
"product": {
"name": "totally_integrated_automation_portal__tia_portal__v19",
"product_id": "CSAFPID-1470073",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:totally_integrated_automation_portal__tia_portal__v19:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sicam",
"product": {
"name": "sicam",
"product_id": "CSAFPID-1637469",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:sicam:8_software_solution:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sicam",
"product": {
"name": "sicam",
"product_id": "CSAFPID-1637470",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:sicam:a8000_device:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "sicam",
"product": {
"name": "sicam",
"product_id": "CSAFPID-1637468",
"product_identification_helper": {
"cpe": "cpe:2.3:h:siemens:sicam:egs_device:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-5051",
"references": [
{
"category": "self",
"summary": "CVE-2006-5051",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2006/CVE-2006-5051.json"
}
],
"title": "CVE-2006-5051"
},
{
"cve": "CVE-2023-28827",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637479",
"CSAFPID-1476332",
"CSAFPID-1476333",
"CSAFPID-1476082",
"CSAFPID-1476083",
"CSAFPID-1476334",
"CSAFPID-1476086",
"CSAFPID-1637557",
"CSAFPID-1497078",
"CSAFPID-1457904",
"CSAFPID-1637558",
"CSAFPID-1476100",
"CSAFPID-1476101",
"CSAFPID-1637811",
"CSAFPID-1637649",
"CSAFPID-1637650",
"CSAFPID-1637651",
"CSAFPID-1637812",
"CSAFPID-1637652",
"CSAFPID-1637813",
"CSAFPID-1637619",
"CSAFPID-744729",
"CSAFPID-766087",
"CSAFPID-1637814",
"CSAFPID-1637815"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-28827",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-28827.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1637479",
"CSAFPID-1476332",
"CSAFPID-1476333",
"CSAFPID-1476082",
"CSAFPID-1476083",
"CSAFPID-1476334",
"CSAFPID-1476086",
"CSAFPID-1637557",
"CSAFPID-1497078",
"CSAFPID-1457904",
"CSAFPID-1637558",
"CSAFPID-1476100",
"CSAFPID-1476101",
"CSAFPID-1637811",
"CSAFPID-1637649",
"CSAFPID-1637650",
"CSAFPID-1637651",
"CSAFPID-1637812",
"CSAFPID-1637652",
"CSAFPID-1637813",
"CSAFPID-1637619",
"CSAFPID-744729",
"CSAFPID-766087",
"CSAFPID-1637814",
"CSAFPID-1637815"
]
}
],
"title": "CVE-2023-28827"
},
{
"cve": "CVE-2023-30755",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637479",
"CSAFPID-1476332",
"CSAFPID-1476333",
"CSAFPID-1476082",
"CSAFPID-1476083",
"CSAFPID-1476334",
"CSAFPID-1476086",
"CSAFPID-1637557",
"CSAFPID-1497078",
"CSAFPID-1457904",
"CSAFPID-1637558",
"CSAFPID-1476100",
"CSAFPID-1476101",
"CSAFPID-1637811",
"CSAFPID-1637649",
"CSAFPID-1637650",
"CSAFPID-1637651",
"CSAFPID-1637812",
"CSAFPID-1637652",
"CSAFPID-1637813",
"CSAFPID-1637619",
"CSAFPID-744729",
"CSAFPID-766087",
"CSAFPID-1637814",
"CSAFPID-1637815"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-30755",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-30755.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1637479",
"CSAFPID-1476332",
"CSAFPID-1476333",
"CSAFPID-1476082",
"CSAFPID-1476083",
"CSAFPID-1476334",
"CSAFPID-1476086",
"CSAFPID-1637557",
"CSAFPID-1497078",
"CSAFPID-1457904",
"CSAFPID-1637558",
"CSAFPID-1476100",
"CSAFPID-1476101",
"CSAFPID-1637811",
"CSAFPID-1637649",
"CSAFPID-1637650",
"CSAFPID-1637651",
"CSAFPID-1637812",
"CSAFPID-1637652",
"CSAFPID-1637813",
"CSAFPID-1637619",
"CSAFPID-744729",
"CSAFPID-766087",
"CSAFPID-1637814",
"CSAFPID-1637815"
]
}
],
"title": "CVE-2023-30755"
},
{
"cve": "CVE-2023-30756",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637479",
"CSAFPID-1476332",
"CSAFPID-1476333",
"CSAFPID-1476082",
"CSAFPID-1476083",
"CSAFPID-1476334",
"CSAFPID-1476086",
"CSAFPID-1637557",
"CSAFPID-1497078",
"CSAFPID-1457904",
"CSAFPID-1637558",
"CSAFPID-1476100",
"CSAFPID-1476101",
"CSAFPID-1637811",
"CSAFPID-1637649",
"CSAFPID-1637650",
"CSAFPID-1637651",
"CSAFPID-1637812",
"CSAFPID-1637652",
"CSAFPID-1637813",
"CSAFPID-1637619",
"CSAFPID-744729",
"CSAFPID-766087",
"CSAFPID-1637814",
"CSAFPID-1637815"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-30756",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-30756.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1637479",
"CSAFPID-1476332",
"CSAFPID-1476333",
"CSAFPID-1476082",
"CSAFPID-1476083",
"CSAFPID-1476334",
"CSAFPID-1476086",
"CSAFPID-1637557",
"CSAFPID-1497078",
"CSAFPID-1457904",
"CSAFPID-1637558",
"CSAFPID-1476100",
"CSAFPID-1476101",
"CSAFPID-1637811",
"CSAFPID-1637649",
"CSAFPID-1637650",
"CSAFPID-1637651",
"CSAFPID-1637812",
"CSAFPID-1637652",
"CSAFPID-1637813",
"CSAFPID-1637619",
"CSAFPID-744729",
"CSAFPID-766087",
"CSAFPID-1637814",
"CSAFPID-1637815"
]
}
],
"title": "CVE-2023-30756"
},
{
"cve": "CVE-2023-46850",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-894438"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46850",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46850.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-894438"
]
}
],
"title": "CVE-2023-46850"
},
{
"cve": "CVE-2023-49069",
"cwe": {
"id": "CWE-204",
"name": "Observable Response Discrepancy"
},
"notes": [
{
"category": "other",
"text": "Observable Response Discrepancy",
"title": "CWE-204"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637565",
"CSAFPID-1637566",
"CSAFPID-1637567",
"CSAFPID-1637568",
"CSAFPID-1637569",
"CSAFPID-1637622",
"CSAFPID-1637623",
"CSAFPID-1637624",
"CSAFPID-1637625",
"CSAFPID-1637626"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-49069",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-49069.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1637565",
"CSAFPID-1637566",
"CSAFPID-1637567",
"CSAFPID-1637568",
"CSAFPID-1637569",
"CSAFPID-1637622",
"CSAFPID-1637623",
"CSAFPID-1637624",
"CSAFPID-1637625",
"CSAFPID-1637626"
]
}
],
"title": "CVE-2023-49069"
},
{
"cve": "CVE-2024-2004",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Cleartext Transmission of Sensitive Information",
"title": "CWE-319"
},
{
"category": "other",
"text": "Misinterpretation of Input",
"title": "CWE-115"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615260",
"CSAFPID-1615261",
"CSAFPID-1615262",
"CSAFPID-1615263",
"CSAFPID-1615264",
"CSAFPID-894438"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-2004",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2004.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1615260",
"CSAFPID-1615261",
"CSAFPID-1615262",
"CSAFPID-1615263",
"CSAFPID-1615264",
"CSAFPID-894438"
]
}
],
"title": "CVE-2024-2004"
},
{
"cve": "CVE-2024-2379",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615260",
"CSAFPID-1615261",
"CSAFPID-1615262",
"CSAFPID-1615263",
"CSAFPID-1615264",
"CSAFPID-894438"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-2379",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2379.json"
}
],
"title": "CVE-2024-2379"
},
{
"cve": "CVE-2024-2398",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"notes": [
{
"category": "other",
"text": "Missing Release of Resource after Effective Lifetime",
"title": "CWE-772"
},
{
"category": "other",
"text": "Missing Release of Memory after Effective Lifetime",
"title": "CWE-401"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615260",
"CSAFPID-1615261",
"CSAFPID-1615262",
"CSAFPID-1615263",
"CSAFPID-1615264",
"CSAFPID-894438"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-2398",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2398.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1615260",
"CSAFPID-1615261",
"CSAFPID-1615262",
"CSAFPID-1615263",
"CSAFPID-1615264",
"CSAFPID-894438"
]
}
],
"title": "CVE-2024-2398"
},
{
"cve": "CVE-2024-2466",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "other",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1615260",
"CSAFPID-1615261",
"CSAFPID-1615262",
"CSAFPID-1615263",
"CSAFPID-1615264",
"CSAFPID-894438"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-2466",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2466.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1615260",
"CSAFPID-1615261",
"CSAFPID-1615262",
"CSAFPID-1615263",
"CSAFPID-1615264",
"CSAFPID-894438"
]
}
],
"title": "CVE-2024-2466"
},
{
"cve": "CVE-2024-6387",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"category": "other",
"text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"title": "CWE-362"
},
{
"category": "other",
"text": "Signal Handler Race Condition",
"title": "CWE-364"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637818",
"CSAFPID-218852",
"CSAFPID-455030"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-6387",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6387.json"
}
],
"title": "CVE-2024-6387"
},
{
"cve": "CVE-2024-32006",
"cwe": {
"id": "CWE-613",
"name": "Insufficient Session Expiration"
},
"notes": [
{
"category": "other",
"text": "Insufficient Session Expiration",
"title": "CWE-613"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1494867",
"CSAFPID-894438"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-32006",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32006.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1494867",
"CSAFPID-894438"
]
}
],
"title": "CVE-2024-32006"
},
{
"cve": "CVE-2024-33698",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637472",
"CSAFPID-1637473",
"CSAFPID-1637474",
"CSAFPID-1637570",
"CSAFPID-1637571",
"CSAFPID-1496915",
"CSAFPID-1637572",
"CSAFPID-1637573",
"CSAFPID-1458012",
"CSAFPID-1458015",
"CSAFPID-1458016",
"CSAFPID-1458017",
"CSAFPID-1470073",
"CSAFPID-1637613",
"CSAFPID-1637614",
"CSAFPID-1637615",
"CSAFPID-1637616",
"CSAFPID-1637617",
"CSAFPID-309392",
"CSAFPID-1615256",
"CSAFPID-1615257",
"CSAFPID-1615258",
"CSAFPID-1637618"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-33698",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33698.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1637472",
"CSAFPID-1637473",
"CSAFPID-1637474",
"CSAFPID-1637570",
"CSAFPID-1637571",
"CSAFPID-1496915",
"CSAFPID-1637572",
"CSAFPID-1637573",
"CSAFPID-1458012",
"CSAFPID-1458015",
"CSAFPID-1458016",
"CSAFPID-1458017",
"CSAFPID-1470073",
"CSAFPID-1637613",
"CSAFPID-1637614",
"CSAFPID-1637615",
"CSAFPID-1637616",
"CSAFPID-1637617",
"CSAFPID-309392",
"CSAFPID-1615256",
"CSAFPID-1615257",
"CSAFPID-1615258",
"CSAFPID-1637618"
]
}
],
"title": "CVE-2024-33698"
},
{
"cve": "CVE-2024-34057",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "other",
"text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"title": "CWE-120"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637468",
"CSAFPID-1637469",
"CSAFPID-1637470",
"CSAFPID-1637471",
"CSAFPID-1637840",
"CSAFPID-1637841",
"CSAFPID-1637842"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-34057",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34057.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1637468",
"CSAFPID-1637469",
"CSAFPID-1637470",
"CSAFPID-1637471",
"CSAFPID-1637840",
"CSAFPID-1637841",
"CSAFPID-1637842"
]
}
],
"title": "CVE-2024-34057"
},
{
"cve": "CVE-2024-35783",
"cwe": {
"id": "CWE-250",
"name": "Execution with Unnecessary Privileges"
},
"notes": [
{
"category": "other",
"text": "Execution with Unnecessary Privileges",
"title": "CWE-250"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1470063",
"CSAFPID-1637574",
"CSAFPID-1637570",
"CSAFPID-1457909",
"CSAFPID-1637575",
"CSAFPID-1637576",
"CSAFPID-1457962",
"CSAFPID-1457963",
"CSAFPID-1457965",
"CSAFPID-1457966",
"CSAFPID-1457967",
"CSAFPID-1625340",
"CSAFPID-1637837",
"CSAFPID-1637613",
"CSAFPID-1501190",
"CSAFPID-1637838",
"CSAFPID-1637839",
"CSAFPID-1501188",
"CSAFPID-1501192",
"CSAFPID-1501193",
"CSAFPID-1501191",
"CSAFPID-1501189"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-35783",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-35783.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1470063",
"CSAFPID-1637574",
"CSAFPID-1637570",
"CSAFPID-1457909",
"CSAFPID-1637575",
"CSAFPID-1637576",
"CSAFPID-1457962",
"CSAFPID-1457963",
"CSAFPID-1457965",
"CSAFPID-1457966",
"CSAFPID-1457967",
"CSAFPID-1625340",
"CSAFPID-1637837",
"CSAFPID-1637613",
"CSAFPID-1501190",
"CSAFPID-1637838",
"CSAFPID-1637839",
"CSAFPID-1501188",
"CSAFPID-1501192",
"CSAFPID-1501193",
"CSAFPID-1501191",
"CSAFPID-1501189"
]
}
],
"title": "CVE-2024-35783"
},
{
"cve": "CVE-2024-37990",
"cwe": {
"id": "CWE-912",
"name": "Hidden Functionality"
},
"notes": [
{
"category": "other",
"text": "Hidden Functionality",
"title": "CWE-912"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637577",
"CSAFPID-1637578",
"CSAFPID-1637579",
"CSAFPID-1637580",
"CSAFPID-1637581",
"CSAFPID-1637582",
"CSAFPID-1637583",
"CSAFPID-1637584",
"CSAFPID-1637585",
"CSAFPID-1637586",
"CSAFPID-1637587",
"CSAFPID-1637588",
"CSAFPID-1637589",
"CSAFPID-1637590",
"CSAFPID-1637591",
"CSAFPID-1637592",
"CSAFPID-1637593",
"CSAFPID-1637594",
"CSAFPID-1637595",
"CSAFPID-1637596",
"CSAFPID-1637597",
"CSAFPID-1637598",
"CSAFPID-1637599",
"CSAFPID-1637600",
"CSAFPID-1637601",
"CSAFPID-1637602",
"CSAFPID-1637603",
"CSAFPID-1637857",
"CSAFPID-1637858",
"CSAFPID-1637859",
"CSAFPID-1637860",
"CSAFPID-1637861",
"CSAFPID-1637862",
"CSAFPID-1637863",
"CSAFPID-1637864",
"CSAFPID-1637865",
"CSAFPID-1637866",
"CSAFPID-1637867",
"CSAFPID-1637868",
"CSAFPID-1637869",
"CSAFPID-1637870",
"CSAFPID-1637871",
"CSAFPID-1637872",
"CSAFPID-1637873",
"CSAFPID-1637874",
"CSAFPID-1637875",
"CSAFPID-1637876",
"CSAFPID-1637877",
"CSAFPID-1637878",
"CSAFPID-1637879",
"CSAFPID-1637880",
"CSAFPID-1637881",
"CSAFPID-1637882",
"CSAFPID-1637883"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37990",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37990.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1637577",
"CSAFPID-1637578",
"CSAFPID-1637579",
"CSAFPID-1637580",
"CSAFPID-1637581",
"CSAFPID-1637582",
"CSAFPID-1637583",
"CSAFPID-1637584",
"CSAFPID-1637585",
"CSAFPID-1637586",
"CSAFPID-1637587",
"CSAFPID-1637588",
"CSAFPID-1637589",
"CSAFPID-1637590",
"CSAFPID-1637591",
"CSAFPID-1637592",
"CSAFPID-1637593",
"CSAFPID-1637594",
"CSAFPID-1637595",
"CSAFPID-1637596",
"CSAFPID-1637597",
"CSAFPID-1637598",
"CSAFPID-1637599",
"CSAFPID-1637600",
"CSAFPID-1637601",
"CSAFPID-1637602",
"CSAFPID-1637603",
"CSAFPID-1637857",
"CSAFPID-1637858",
"CSAFPID-1637859",
"CSAFPID-1637860",
"CSAFPID-1637861",
"CSAFPID-1637862",
"CSAFPID-1637863",
"CSAFPID-1637864",
"CSAFPID-1637865",
"CSAFPID-1637866",
"CSAFPID-1637867",
"CSAFPID-1637868",
"CSAFPID-1637869",
"CSAFPID-1637870",
"CSAFPID-1637871",
"CSAFPID-1637872",
"CSAFPID-1637873",
"CSAFPID-1637874",
"CSAFPID-1637875",
"CSAFPID-1637876",
"CSAFPID-1637877",
"CSAFPID-1637878",
"CSAFPID-1637879",
"CSAFPID-1637880",
"CSAFPID-1637881",
"CSAFPID-1637882",
"CSAFPID-1637883"
]
}
],
"title": "CVE-2024-37990"
},
{
"cve": "CVE-2024-37992",
"cwe": {
"id": "CWE-703",
"name": "Improper Check or Handling of Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637577",
"CSAFPID-1637578",
"CSAFPID-1637579",
"CSAFPID-1637580",
"CSAFPID-1637581",
"CSAFPID-1637582",
"CSAFPID-1637583",
"CSAFPID-1637584",
"CSAFPID-1637585",
"CSAFPID-1637586",
"CSAFPID-1637587",
"CSAFPID-1637588",
"CSAFPID-1637589",
"CSAFPID-1637590",
"CSAFPID-1637591",
"CSAFPID-1637592",
"CSAFPID-1637593",
"CSAFPID-1637594",
"CSAFPID-1637595",
"CSAFPID-1637596",
"CSAFPID-1637597",
"CSAFPID-1637598",
"CSAFPID-1637599",
"CSAFPID-1637600",
"CSAFPID-1637601",
"CSAFPID-1637602",
"CSAFPID-1637603",
"CSAFPID-1637857",
"CSAFPID-1637858",
"CSAFPID-1637859",
"CSAFPID-1637860",
"CSAFPID-1637861",
"CSAFPID-1637862",
"CSAFPID-1637863",
"CSAFPID-1637864",
"CSAFPID-1637865",
"CSAFPID-1637866",
"CSAFPID-1637867",
"CSAFPID-1637868",
"CSAFPID-1637869",
"CSAFPID-1637870",
"CSAFPID-1637871",
"CSAFPID-1637872",
"CSAFPID-1637873",
"CSAFPID-1637874",
"CSAFPID-1637875",
"CSAFPID-1637876",
"CSAFPID-1637877",
"CSAFPID-1637878",
"CSAFPID-1637879",
"CSAFPID-1637880",
"CSAFPID-1637881",
"CSAFPID-1637882",
"CSAFPID-1637883"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37992",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37992.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1637577",
"CSAFPID-1637578",
"CSAFPID-1637579",
"CSAFPID-1637580",
"CSAFPID-1637581",
"CSAFPID-1637582",
"CSAFPID-1637583",
"CSAFPID-1637584",
"CSAFPID-1637585",
"CSAFPID-1637586",
"CSAFPID-1637587",
"CSAFPID-1637588",
"CSAFPID-1637589",
"CSAFPID-1637590",
"CSAFPID-1637591",
"CSAFPID-1637592",
"CSAFPID-1637593",
"CSAFPID-1637594",
"CSAFPID-1637595",
"CSAFPID-1637596",
"CSAFPID-1637597",
"CSAFPID-1637598",
"CSAFPID-1637599",
"CSAFPID-1637600",
"CSAFPID-1637601",
"CSAFPID-1637602",
"CSAFPID-1637603",
"CSAFPID-1637857",
"CSAFPID-1637858",
"CSAFPID-1637859",
"CSAFPID-1637860",
"CSAFPID-1637861",
"CSAFPID-1637862",
"CSAFPID-1637863",
"CSAFPID-1637864",
"CSAFPID-1637865",
"CSAFPID-1637866",
"CSAFPID-1637867",
"CSAFPID-1637868",
"CSAFPID-1637869",
"CSAFPID-1637870",
"CSAFPID-1637871",
"CSAFPID-1637872",
"CSAFPID-1637873",
"CSAFPID-1637874",
"CSAFPID-1637875",
"CSAFPID-1637876",
"CSAFPID-1637877",
"CSAFPID-1637878",
"CSAFPID-1637879",
"CSAFPID-1637880",
"CSAFPID-1637881",
"CSAFPID-1637882",
"CSAFPID-1637883"
]
}
],
"title": "CVE-2024-37992"
},
{
"cve": "CVE-2024-37993",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637577",
"CSAFPID-1637578",
"CSAFPID-1637579",
"CSAFPID-1637580",
"CSAFPID-1637581",
"CSAFPID-1637582",
"CSAFPID-1637583",
"CSAFPID-1637584",
"CSAFPID-1637585",
"CSAFPID-1637586",
"CSAFPID-1637587",
"CSAFPID-1637588",
"CSAFPID-1637589",
"CSAFPID-1637590",
"CSAFPID-1637591",
"CSAFPID-1637592",
"CSAFPID-1637593",
"CSAFPID-1637594",
"CSAFPID-1637595",
"CSAFPID-1637596",
"CSAFPID-1637597",
"CSAFPID-1637598",
"CSAFPID-1637599",
"CSAFPID-1637600",
"CSAFPID-1637601",
"CSAFPID-1637602",
"CSAFPID-1637603",
"CSAFPID-1637857",
"CSAFPID-1637858",
"CSAFPID-1637859",
"CSAFPID-1637860",
"CSAFPID-1637861",
"CSAFPID-1637862",
"CSAFPID-1637863",
"CSAFPID-1637864",
"CSAFPID-1637865",
"CSAFPID-1637866",
"CSAFPID-1637867",
"CSAFPID-1637868",
"CSAFPID-1637869",
"CSAFPID-1637870",
"CSAFPID-1637871",
"CSAFPID-1637872",
"CSAFPID-1637873",
"CSAFPID-1637874",
"CSAFPID-1637875",
"CSAFPID-1637876",
"CSAFPID-1637877",
"CSAFPID-1637878",
"CSAFPID-1637879",
"CSAFPID-1637880",
"CSAFPID-1637881",
"CSAFPID-1637882",
"CSAFPID-1637883"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37993",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37993.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1637577",
"CSAFPID-1637578",
"CSAFPID-1637579",
"CSAFPID-1637580",
"CSAFPID-1637581",
"CSAFPID-1637582",
"CSAFPID-1637583",
"CSAFPID-1637584",
"CSAFPID-1637585",
"CSAFPID-1637586",
"CSAFPID-1637587",
"CSAFPID-1637588",
"CSAFPID-1637589",
"CSAFPID-1637590",
"CSAFPID-1637591",
"CSAFPID-1637592",
"CSAFPID-1637593",
"CSAFPID-1637594",
"CSAFPID-1637595",
"CSAFPID-1637596",
"CSAFPID-1637597",
"CSAFPID-1637598",
"CSAFPID-1637599",
"CSAFPID-1637600",
"CSAFPID-1637601",
"CSAFPID-1637602",
"CSAFPID-1637603",
"CSAFPID-1637857",
"CSAFPID-1637858",
"CSAFPID-1637859",
"CSAFPID-1637860",
"CSAFPID-1637861",
"CSAFPID-1637862",
"CSAFPID-1637863",
"CSAFPID-1637864",
"CSAFPID-1637865",
"CSAFPID-1637866",
"CSAFPID-1637867",
"CSAFPID-1637868",
"CSAFPID-1637869",
"CSAFPID-1637870",
"CSAFPID-1637871",
"CSAFPID-1637872",
"CSAFPID-1637873",
"CSAFPID-1637874",
"CSAFPID-1637875",
"CSAFPID-1637876",
"CSAFPID-1637877",
"CSAFPID-1637878",
"CSAFPID-1637879",
"CSAFPID-1637880",
"CSAFPID-1637881",
"CSAFPID-1637882",
"CSAFPID-1637883"
]
}
],
"title": "CVE-2024-37993"
},
{
"cve": "CVE-2024-37994",
"cwe": {
"id": "CWE-912",
"name": "Hidden Functionality"
},
"notes": [
{
"category": "other",
"text": "Hidden Functionality",
"title": "CWE-912"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637577",
"CSAFPID-1637578",
"CSAFPID-1637579",
"CSAFPID-1637580",
"CSAFPID-1637581",
"CSAFPID-1637582",
"CSAFPID-1637583",
"CSAFPID-1637584",
"CSAFPID-1637585",
"CSAFPID-1637586",
"CSAFPID-1637587",
"CSAFPID-1637588",
"CSAFPID-1637589",
"CSAFPID-1637590",
"CSAFPID-1637591",
"CSAFPID-1637592",
"CSAFPID-1637593",
"CSAFPID-1637594",
"CSAFPID-1637595",
"CSAFPID-1637596",
"CSAFPID-1637597",
"CSAFPID-1637598",
"CSAFPID-1637599",
"CSAFPID-1637600",
"CSAFPID-1637601",
"CSAFPID-1637602",
"CSAFPID-1637603",
"CSAFPID-1637857",
"CSAFPID-1637858",
"CSAFPID-1637859",
"CSAFPID-1637860",
"CSAFPID-1637861",
"CSAFPID-1637862",
"CSAFPID-1637863",
"CSAFPID-1637864",
"CSAFPID-1637865",
"CSAFPID-1637866",
"CSAFPID-1637867",
"CSAFPID-1637868",
"CSAFPID-1637869",
"CSAFPID-1637870",
"CSAFPID-1637871",
"CSAFPID-1637872",
"CSAFPID-1637873",
"CSAFPID-1637874",
"CSAFPID-1637875",
"CSAFPID-1637876",
"CSAFPID-1637877",
"CSAFPID-1637878",
"CSAFPID-1637879",
"CSAFPID-1637880",
"CSAFPID-1637881",
"CSAFPID-1637882",
"CSAFPID-1637883"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37994",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37994.json"
}
],
"title": "CVE-2024-37994"
},
{
"cve": "CVE-2024-37995",
"cwe": {
"id": "CWE-703",
"name": "Improper Check or Handling of Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637577",
"CSAFPID-1637578",
"CSAFPID-1637579",
"CSAFPID-1637580",
"CSAFPID-1637581",
"CSAFPID-1637582",
"CSAFPID-1637583",
"CSAFPID-1637584",
"CSAFPID-1637585",
"CSAFPID-1637586",
"CSAFPID-1637587",
"CSAFPID-1637588",
"CSAFPID-1637589",
"CSAFPID-1637590",
"CSAFPID-1637591",
"CSAFPID-1637592",
"CSAFPID-1637593",
"CSAFPID-1637594",
"CSAFPID-1637595",
"CSAFPID-1637596",
"CSAFPID-1637597",
"CSAFPID-1637598",
"CSAFPID-1637599",
"CSAFPID-1637600",
"CSAFPID-1637601",
"CSAFPID-1637602",
"CSAFPID-1637603",
"CSAFPID-1637857",
"CSAFPID-1637858",
"CSAFPID-1637859",
"CSAFPID-1637860",
"CSAFPID-1637861",
"CSAFPID-1637862",
"CSAFPID-1637863",
"CSAFPID-1637864",
"CSAFPID-1637865",
"CSAFPID-1637866",
"CSAFPID-1637867",
"CSAFPID-1637868",
"CSAFPID-1637869",
"CSAFPID-1637870",
"CSAFPID-1637871",
"CSAFPID-1637872",
"CSAFPID-1637873",
"CSAFPID-1637874",
"CSAFPID-1637875",
"CSAFPID-1637876",
"CSAFPID-1637877",
"CSAFPID-1637878",
"CSAFPID-1637879",
"CSAFPID-1637880",
"CSAFPID-1637881",
"CSAFPID-1637882",
"CSAFPID-1637883"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-37995",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37995.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1637577",
"CSAFPID-1637578",
"CSAFPID-1637579",
"CSAFPID-1637580",
"CSAFPID-1637581",
"CSAFPID-1637582",
"CSAFPID-1637583",
"CSAFPID-1637584",
"CSAFPID-1637585",
"CSAFPID-1637586",
"CSAFPID-1637587",
"CSAFPID-1637588",
"CSAFPID-1637589",
"CSAFPID-1637590",
"CSAFPID-1637591",
"CSAFPID-1637592",
"CSAFPID-1637593",
"CSAFPID-1637594",
"CSAFPID-1637595",
"CSAFPID-1637596",
"CSAFPID-1637597",
"CSAFPID-1637598",
"CSAFPID-1637599",
"CSAFPID-1637600",
"CSAFPID-1637601",
"CSAFPID-1637602",
"CSAFPID-1637603",
"CSAFPID-1637857",
"CSAFPID-1637858",
"CSAFPID-1637859",
"CSAFPID-1637860",
"CSAFPID-1637861",
"CSAFPID-1637862",
"CSAFPID-1637863",
"CSAFPID-1637864",
"CSAFPID-1637865",
"CSAFPID-1637866",
"CSAFPID-1637867",
"CSAFPID-1637868",
"CSAFPID-1637869",
"CSAFPID-1637870",
"CSAFPID-1637871",
"CSAFPID-1637872",
"CSAFPID-1637873",
"CSAFPID-1637874",
"CSAFPID-1637875",
"CSAFPID-1637876",
"CSAFPID-1637877",
"CSAFPID-1637878",
"CSAFPID-1637879",
"CSAFPID-1637880",
"CSAFPID-1637881",
"CSAFPID-1637882",
"CSAFPID-1637883"
]
}
],
"title": "CVE-2024-37995"
},
{
"cve": "CVE-2024-38355",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
}
],
"product_status": {
"known_affected": [
"CSAFPID-855579",
"CSAFPID-1637480",
"CSAFPID-1637481",
"CSAFPID-165973",
"CSAFPID-186768",
"CSAFPID-1637482",
"CSAFPID-1637483",
"CSAFPID-1637884",
"CSAFPID-1637885",
"CSAFPID-1637886",
"CSAFPID-1637616",
"CSAFPID-1637617",
"CSAFPID-1637887",
"CSAFPID-1501188",
"CSAFPID-1501192",
"CSAFPID-1637888",
"CSAFPID-1501193",
"CSAFPID-1501191",
"CSAFPID-1501189",
"CSAFPID-766096"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38355",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38355.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-855579",
"CSAFPID-1637480",
"CSAFPID-1637481",
"CSAFPID-165973",
"CSAFPID-186768",
"CSAFPID-1637482",
"CSAFPID-1637483",
"CSAFPID-1637884",
"CSAFPID-1637885",
"CSAFPID-1637886",
"CSAFPID-1637616",
"CSAFPID-1637617",
"CSAFPID-1637887",
"CSAFPID-1501188",
"CSAFPID-1501192",
"CSAFPID-1637888",
"CSAFPID-1501193",
"CSAFPID-1501191",
"CSAFPID-1501189",
"CSAFPID-766096"
]
}
],
"title": "CVE-2024-38355"
},
{
"cve": "CVE-2024-41170",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1465025",
"CSAFPID-1476361",
"CSAFPID-1637816",
"CSAFPID-1637817"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-41170",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41170.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1465025",
"CSAFPID-1476361",
"CSAFPID-1637816",
"CSAFPID-1637817"
]
}
],
"title": "CVE-2024-41170"
},
{
"cve": "CVE-2024-41171",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "other",
"text": "Incorrect Permission Assignment for Critical Resource",
"title": "CWE-732"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637606",
"CSAFPID-1637607",
"CSAFPID-1637608",
"CSAFPID-1457969",
"CSAFPID-1637627",
"CSAFPID-1637762",
"CSAFPID-1637628",
"CSAFPID-455030"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-41171",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41171.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1637606",
"CSAFPID-1637607",
"CSAFPID-1637608",
"CSAFPID-1457969",
"CSAFPID-1637627",
"CSAFPID-1637762",
"CSAFPID-1637628",
"CSAFPID-455030"
]
}
],
"title": "CVE-2024-41171"
},
{
"cve": "CVE-2024-42344",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1494867",
"CSAFPID-894438"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-42344",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42344.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1494867",
"CSAFPID-894438"
]
}
],
"title": "CVE-2024-42344"
},
{
"cve": "CVE-2024-42345",
"cwe": {
"id": "CWE-384",
"name": "Session Fixation"
},
"notes": [
{
"category": "other",
"text": "Session Fixation",
"title": "CWE-384"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1496914",
"CSAFPID-218852"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-42345",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-42345.json"
}
],
"title": "CVE-2024-42345"
},
{
"cve": "CVE-2024-43781",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information into Log File",
"title": "CWE-532"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637606",
"CSAFPID-1637608",
"CSAFPID-1457969",
"CSAFPID-1637627",
"CSAFPID-1637628",
"CSAFPID-455030"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-43781",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-43781.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1637606",
"CSAFPID-1637608",
"CSAFPID-1457969",
"CSAFPID-1637627",
"CSAFPID-1637628",
"CSAFPID-455030"
]
}
],
"title": "CVE-2024-43781"
},
{
"cve": "CVE-2024-44087",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1553852",
"CSAFPID-1637609",
"CSAFPID-1637610",
"CSAFPID-1637629",
"CSAFPID-1637630",
"CSAFPID-1637631"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-44087",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-44087.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1553852",
"CSAFPID-1637609",
"CSAFPID-1637610",
"CSAFPID-1637629",
"CSAFPID-1637630",
"CSAFPID-1637631"
]
}
],
"title": "CVE-2024-44087"
},
{
"cve": "CVE-2024-45032",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"notes": [
{
"category": "other",
"text": "Authorization Bypass Through User-Controlled Key",
"title": "CWE-639"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1637611",
"CSAFPID-1637612",
"CSAFPID-1637809",
"CSAFPID-1637810"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-45032",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45032.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1637611",
"CSAFPID-1637612",
"CSAFPID-1637809",
"CSAFPID-1637810"
]
}
],
"title": "CVE-2024-45032"
}
]
}
SSA-097435
Vulnerability from csaf_siemens - Published: 2024-09-10 00:00 - Updated: 2025-08-12 00:00Summary
SSA-097435: Usernames Disclosure Vulnerability in Mendix Runtime
Notes
Summary: Mendix Runtime contains an observable response discrepancy vulnerability when validating usernames during authentication. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames.
Siemens has released new versions for the affected products and recommends to update to the latest versions.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at:
https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Mendix Runtime V8
Siemens / Mendix Runtime V8
|
vers:intdot/<8.18.33 |
Mitigation
Mitigation
Vendor Fix
fix
|
|
|
Mendix Runtime V9
Siemens / Mendix Runtime V9
|
vers:intdot/<9.24.31 |
Mitigation
Mitigation
Vendor Fix
fix
|
|
|
Mendix Runtime V10
Siemens / Mendix Runtime V10
|
vers:intdot/<10.17.0 |
Mitigation
Mitigation
Vendor Fix
fix
|
|
|
Mendix Runtime V10.6
Siemens / Mendix Runtime V10.6
|
vers:intdot/<10.6.19 |
Mitigation
Mitigation
Vendor Fix
fix
|
|
|
Mendix Runtime V10.12
Siemens / Mendix Runtime V10.12
|
vers:intdot/<10.12.11 |
Mitigation
Mitigation
Vendor Fix
fix
|
References
2 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Mendix Runtime contains an observable response discrepancy vulnerability when validating usernames during authentication. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames.\n\nSiemens has released new versions for the affected products and recommends to update to the latest versions.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-097435: Usernames Disclosure Vulnerability in Mendix Runtime - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-097435.html"
},
{
"category": "self",
"summary": "SSA-097435: Usernames Disclosure Vulnerability in Mendix Runtime - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-097435.json"
}
],
"title": "SSA-097435: Usernames Disclosure Vulnerability in Mendix Runtime",
"tracking": {
"current_release_date": "2025-08-12T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-097435",
"initial_release_date": "2024-09-10T00:00:00Z",
"revision_history": [
{
"date": "2024-09-10T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2024-09-12T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added fix for Mendix Runtime V8; updated Acknowledgements"
},
{
"date": "2024-10-08T00:00:00Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Fixed a bug in the csaf output"
},
{
"date": "2024-10-10T00:00:00Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Corrected fix version information for all Mendix Runtime version lines (fix releases not yet available, except for V8)"
},
{
"date": "2024-11-12T00:00:00Z",
"legacy_version": "1.4",
"number": "5",
"summary": "Added fix releases for remaining Mendix Runtime version lines"
},
{
"date": "2024-11-26T00:00:00Z",
"legacy_version": "1.5",
"number": "6",
"summary": "Added information about additional required actions after having installed a fix release"
},
{
"date": "2024-12-10T00:00:00Z",
"legacy_version": "1.6",
"number": "7",
"summary": "Added complete fix for Mendix Runtime V10 and the note that other versions still require additional actions after updating to the latest available version"
},
{
"date": "2024-12-12T00:00:00Z",
"legacy_version": "1.7",
"number": "8",
"summary": "Added complete fix for Mendix Runtime V9 and V8"
},
{
"date": "2025-01-14T00:00:00Z",
"legacy_version": "1.8",
"number": "9",
"summary": "Added complete fix for Mendix Runtime V10.12 and V10.6; removed hint about additional required actions in former (incomplete) fix versions"
},
{
"date": "2025-08-12T00:00:00Z",
"legacy_version": "1.9",
"number": "10",
"summary": "Added mitigation for published REST and web services and oData APIs"
}
],
"status": "interim",
"version": "10"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c8.18.33",
"product": {
"name": "Mendix Runtime V8",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V8"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c9.24.31",
"product": {
"name": "Mendix Runtime V9",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V9"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c10.17.0",
"product": {
"name": "Mendix Runtime V10",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V10"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c10.6.19",
"product": {
"name": "Mendix Runtime V10.6",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V10.6"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c10.12.11",
"product": {
"name": "Mendix Runtime V10.12",
"product_id": "5"
}
}
],
"category": "product_name",
"name": "Mendix Runtime V10.12"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-49069",
"cwe": {
"id": "CWE-204",
"name": "Observable Response Discrepancy"
},
"notes": [
{
"category": "summary",
"text": "The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5"
]
},
"remediations": [
{
"category": "mitigation",
"details": "For app user login: Do not use basic authentication, but setup an alternative authentication module (e.g. OIDC SSO, Mendix SSO, or SAML \u003e= V4.0.0), or your own Identity Provider (IDP).",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "mitigation",
"details": "For published REST and web services and oData APIs: Do not use basic authentication, but use Custom or Active Session authentication methods.",
"product_ids": [
"1",
"2",
"3",
"4",
"5"
]
},
{
"category": "vendor_fix",
"details": "Update to V10.12.11 or later version",
"product_ids": [
"5"
],
"url": "https://docs.mendix.com/releasenotes/studio-pro/10/"
},
{
"category": "vendor_fix",
"details": "Update to V10.17.0 or later version",
"product_ids": [
"3"
],
"url": "https://docs.mendix.com/releasenotes/studio-pro/10/"
},
{
"category": "vendor_fix",
"details": "Update to V10.6.19 or later version",
"product_ids": [
"4"
],
"url": "https://docs.mendix.com/releasenotes/studio-pro/10/"
},
{
"category": "vendor_fix",
"details": "Update to V8.18.33 or later version",
"product_ids": [
"1"
],
"url": "https://docs.mendix.com/releasenotes/studio-pro/8/"
},
{
"category": "vendor_fix",
"details": "Update to V9.24.31 or later version",
"product_ids": [
"2"
],
"url": "https://docs.mendix.com/releasenotes/studio-pro/9/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5"
]
}
],
"title": "CVE-2023-49069"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…