cvelistv5 - cve-2018-16600

CVE-2018-16600 (GCVE-0-2018-16600)

Vulnerability from cvelistv5 – Published: 2018-12-06 23:00 – Updated: 2024-08-05 10:24

Summary

An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in eARPProcessPacket can be used for information disclosure.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

FKIE_CVE-2018-16600

Vulnerability from fkie_nvd - Published: 2018-12-06 23:29 - Updated: 2024-11-21 03:53

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
cve@mitre.org	https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/	Exploit, Third Party Advisory
cve@mitre.org	https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/	Third Party Advisory
cve@mitre.org	https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md	Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md	Release Notes, Third Party Advisory

Impacted products

	Vendor	Product	Version
	amazon	amazon_web_services_freertos	*
	amazon	freertos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:amazon:amazon_web_services_freertos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EADBC4B-05C5-4588-B0D8-DDAF318DFEB1",
              "versionEndIncluding": "1.3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:amazon:freertos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A645BC4-5A25-47D4-BBA3-BA199C48FE3C",
              "versionEndIncluding": "10.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in eARPProcessPacket can be used for information disclosure."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en Amazon Web Services (AWS) FreeRTOS hasta la versi\u00f3n 1.3.1, FreeRTOS hasta V10.0.1 (con FreeRTOS+TCP) y el componente middleware TCP/IP WITTENSTEIN WHIS Connect. El acceso fuera de l\u00edmites a la memoria durante el an\u00e1lisis de paquetes ARP en eARPProcessPacket se puede emplear para divulgar informaci\u00f3n."
    }
  ],
  "id": "CVE-2018-16600",
  "lastModified": "2024-11-21T03:53:02.113",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-12-06T23:29:00.957",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-276C-2376-64GP

Vulnerability from github – Published: 2022-05-14 01:43 – Updated: 2022-05-14 01:43

Details

Severity ?

5.9 (Medium)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-16600"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-06T23:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in eARPProcessPacket can be used for information disclosure.",
  "id": "GHSA-276c-2376-64gp",
  "modified": "2022-05-14T01:43:18Z",
  "published": "2022-05-14T01:43:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16600"
    },
    {
      "type": "WEB",
      "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details"
    },
    {
      "type": "WEB",
      "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems"
    },
    {
      "type": "WEB",
      "url": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-16600

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-16600

Aliases

CVE-2018-16600

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-16600",
    "description": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in eARPProcessPacket can be used for information disclosure.",
    "id": "GSD-2018-16600"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-16600"
      ],
      "details": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in eARPProcessPacket can be used for information disclosure.",
      "id": "GSD-2018-16600",
      "modified": "2023-12-13T01:22:26.166169Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2018-16600",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in eARPProcessPacket can be used for information disclosure."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md",
            "refsource": "CONFIRM",
            "url": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md"
          },
          {
            "name": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/",
            "refsource": "MISC",
            "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/"
          },
          {
            "name": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/",
            "refsource": "MISC",
            "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:amazon:amazon_web_services_freertos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.3.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:amazon:freertos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.0.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-16600"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in eARPProcessPacket can be used for information disclosure."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md"
            },
            {
              "name": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/"
            },
            {
              "name": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-01-03T23:59Z",
      "publishedDate": "2018-12-06T23:29Z"
    }
  }
}

SCA-2025-0003

Vulnerability from csaf_sick - Published: 2025-02-28 00:00 - Updated: 2025-05-20 11:00

Summary

FreeRTOS Vulnerabilities have no impact on SICK Products

Notes

summary

FreeRTOS has several known vulnerabilities and is used in various SICK products. A current analysis confirms that the identified vulnerabilities in FreeRTOS do not affect the mentioned SICK products. At this time, there is no indication of any potential risks to these SICK products.

General Security Measures

As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.

Vulnerability Classification

SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer’s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "summary",
        "text": "FreeRTOS has several known vulnerabilities and is used in various SICK products. A current analysis confirms that the identified vulnerabilities in FreeRTOS do not affect the mentioned SICK products. At this time, there is no indication of any potential risks to these SICK products.",
        "title": "summary"
      },
      {
        "category": "general",
        "text": "As general security measures, SICK recommends to minimize network exposure of the devices, restrict network access and follow recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Security Measures"
      },
      {
        "category": "general",
        "text": "SICK performs vulnerability classification by using the CVSS scoring system (*CVSS v3.1*). The environmental score is dependent on the customer\u2019s environment and can affect the overall CVSS score. SICK recommends that customers individually evaluate the environmental score to achieve final scoring.",
        "title": "Vulnerability Classification"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "psirt@sick.de",
      "issuing_authority": "SICK PSIRT is responsible for any vulnerabilities related to SICK products.",
      "name": "SICK PSIRT",
      "namespace": "https://www.sick.com/psirt"
    },
    "references": [
      {
        "summary": "SICK PSIRT Security Advisories",
        "url": "https://sick.com/psirt"
      },
      {
        "summary": "SICK Operating Guidelines",
        "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
      },
      {
        "summary": "ICS-CERT recommended practices on Industrial Security",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "summary": "CVSS v3.1 Calculator",
        "url": "https://www.first.org/cvss/calculator/3.1"
      },
      {
        "category": "self",
        "summary": "The canonical URL.",
        "url": "https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0003.json"
      }
    ],
    "title": "FreeRTOS Vulnerabilities have no impact on SICK Products",
    "tracking": {
      "current_release_date": "2025-05-20T11:00:00.000Z",
      "generator": {
        "date": "2025-05-13T08:12:25.055Z",
        "engine": {
          "name": "Secvisogram",
          "version": "2.5.25"
        }
      },
      "id": "SCA-2025-0003",
      "initial_release_date": "2025-02-28T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-02-28T11:00:00.000Z",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-05-20T11:00:00.000Z",
          "number": "2",
          "summary": "Added two products: ANS58 and ANM58. Both have the product status \u0027Known Not Affected\u0027."
        },
        {
          "date": "2025-07-30T07:30:49.000Z",
          "number": "3",
          "summary": "Updated Advisory: URL for SICK Operating Guidelines has been updated"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK deTem4 all versions",
                      "product_id": "CSAFPID-0001",
                      "product_identification_helper": {
                        "skus": [
                          "1128426",
                          "1128427",
                          "1128428",
                          "1128429",
                          "1128430",
                          "1128431",
                          "1128432",
                          "1128433",
                          "1128434",
                          "1128435",
                          "1128436",
                          "1128437",
                          "1128438",
                          "1128439",
                          "1128440"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "deTem4"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK deTem4 A/P all versions",
                      "product_id": "CSAFPID-0002",
                      "product_identification_helper": {
                        "skus": [
                          "1101921",
                          "1102144",
                          "1102633",
                          "1102634",
                          "1102635",
                          "1102636",
                          "1103066",
                          "1103067"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "deTem4 A/P"
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK deTem4 LT Muting A/P  all versions",
                      "product_id": "CSAFPID-0003",
                      "product_identification_helper": {
                        "skus": [
                          "1110584",
                          "1108692",
                          "1108691"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "deTem4 LT Muting A/P "
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK deTem4 Core A/P  all versions",
                      "product_id": "CSAFPID-0004",
                      "product_identification_helper": {
                        "skus": [
                          "1101921",
                          "1102144",
                          "1102644",
                          "1102645",
                          "1103066",
                          "1103067"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "deTem4 Core A/P "
              },
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK deTem2 Core A/P all versions",
                      "product_id": "CSAFPID-0005",
                      "product_identification_helper": {
                        "skus": [
                          "1101921",
                          "1102144",
                          "1102646",
                          "1102647",
                          "1103066",
                          "1103067"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "deTem2 Core A/P"
              }
            ],
            "category": "product_family",
            "name": "deTem"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK deTec4 all versions",
                      "product_id": "CSAFPID-0006",
                      "product_identification_helper": {
                        "skus": [
                          "1116161",
                          "1116162",
                          "1116163",
                          "1116164",
                          "1116165",
                          "1116166",
                          "1116167",
                          "1220084",
                          "1220085",
                          "1220086",
                          "1220087",
                          "1220088",
                          "1220089",
                          "1220090",
                          "1220091",
                          "1220092",
                          "1220093",
                          "1220094",
                          "1220095",
                          "1220096",
                          "1220097",
                          "1220098",
                          "1220099",
                          "1220100",
                          "1220101",
                          "1220102",
                          "1220103",
                          "1220104",
                          "1220105",
                          "1220106",
                          "1220107",
                          "1220108",
                          "1220109",
                          "1220110",
                          "1220111",
                          "1220112",
                          "1220113",
                          "1220114",
                          "1220115",
                          "1220116",
                          "1220117",
                          "1220118",
                          "1220119",
                          "1220120",
                          "1220121",
                          "1220122",
                          "1220123",
                          "1220124",
                          "1220125",
                          "1220126",
                          "1220127",
                          "1220128",
                          "1220129",
                          "1220130",
                          "1220131",
                          "1220132",
                          "1220134",
                          "1220135",
                          "1220136",
                          "1220137",
                          "1220138",
                          "1220139",
                          "1220140",
                          "1220141",
                          "1220142",
                          "1220143",
                          "1220144",
                          "1220145",
                          "1220146",
                          "1220147",
                          "1220148",
                          "1220149",
                          "1220150",
                          "1220151",
                          "1220152",
                          "1220153",
                          "1220154",
                          "1220155",
                          "1220156",
                          "1220157",
                          "1220158",
                          "1220159",
                          "1220160",
                          "1220161",
                          "1220162",
                          "1220639",
                          "1220640",
                          "1220641",
                          "1220642",
                          "1220643",
                          "1220644",
                          "1220645",
                          "1220646",
                          "1220647",
                          "1220648",
                          "1220649",
                          "1220650",
                          "1220651"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "deTec4"
              }
            ],
            "category": "product_family",
            "name": "deTec4"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK scanGrid2 all versions",
                      "product_id": "CSAFPID-0007",
                      "product_identification_helper": {
                        "skus": [
                          "1101561",
                          "1109414"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "scanGrid2"
              }
            ],
            "category": "product_family",
            "name": "scanGrid2"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK DMM4 all versions",
                      "product_id": "CSAFPID-0008",
                      "product_identification_helper": {
                        "skus": [
                          "1125562"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "DMM4"
              }
            ],
            "category": "product_family",
            "name": "DMM4"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK safeVisionary2 all versions",
                      "product_id": "CSAFPID-0009",
                      "product_identification_helper": {
                        "skus": [
                          "1116398"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "safeVisionary2"
              }
            ],
            "category": "product_family",
            "name": "safeVisionary2"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK FXL1 all versions",
                      "product_id": "CSAFPID-0010",
                      "product_identification_helper": {
                        "skus": [
                          "1101320",
                          "1101321",
                          "1101322",
                          "1101323",
                          "1101324",
                          "1101325",
                          "1120827",
                          "1120828",
                          "1122586",
                          "1122587",
                          "1112205",
                          "1112206",
                          "1143315",
                          "1143316",
                          "1144849",
                          "1144850"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "FXL1"
              }
            ],
            "category": "product_family",
            "name": "flexLock"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK SE1 all versions",
                      "product_id": "CSAFPID-0011",
                      "product_identification_helper": {
                        "skus": [
                          "1132196",
                          "1132197"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "SE1"
              }
            ],
            "category": "product_family",
            "name": "SE1"
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK ANM58B all versions",
                      "product_id": "CSAFPID-0012",
                      "product_identification_helper": {
                        "skus": [
                          "1145910",
                          "1146128",
                          "1146129",
                          "1146130",
                          "1146132",
                          "1146133",
                          "1146134",
                          "1146135",
                          "1146136",
                          "1146137",
                          "1146519",
                          "1146524",
                          "1146526",
                          "1146529",
                          "1146643",
                          "1146644",
                          "1146645",
                          "1146648",
                          "1148701",
                          "1148703",
                          "1148711",
                          "1148725",
                          "1148730"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "ANM58B"
              }
            ],
            "category": "product_family",
            "name": "ANM58 PROFINET "
          },
          {
            "branches": [
              {
                "branches": [
                  {
                    "category": "product_version_range",
                    "name": "vers:all/*",
                    "product": {
                      "name": "SICK ANS58B all versions",
                      "product_id": "CSAFPID-0013",
                      "product_identification_helper": {
                        "skus": [
                          "1145911",
                          "1145966",
                          "1146127",
                          "1146131",
                          "1146525",
                          "1146658",
                          "1148702",
                          "1148706",
                          "1148712",
                          "1148713",
                          "1148717",
                          "1148718",
                          "1148721",
                          "1148722",
                          "1148726",
                          "1148727",
                          "1148731",
                          "1148732",
                          "1149238",
                          "1149416",
                          "1149417",
                          "1149418"
                        ]
                      }
                    }
                  }
                ],
                "category": "product_name",
                "name": "ANS58B"
              }
            ],
            "category": "product_family",
            "name": "ANS58 PROFINET "
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "1.02 up to 1.30",
                "product": {
                  "name": "SICK deTem4 firmware 1.02 up to 1.30",
                  "product_id": "CSAFPID-0014"
                }
              }
            ],
            "category": "product_name",
            "name": "deTem4 firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "1.02 up to 1.30",
                "product": {
                  "name": "SICK deTem4 A/P firmware 1.02 up to 1.30",
                  "product_id": "CSAFPID-0015"
                }
              }
            ],
            "category": "product_name",
            "name": "deTem4 A/P firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "1.05 up to 1.43",
                "product": {
                  "name": "SICK deTec4 firmware 1.05 up to 1.43",
                  "product_id": "CSAFPID-0016"
                }
              }
            ],
            "category": "product_name",
            "name": "deTec4 firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "1.10 up to 1.15",
                "product": {
                  "name": "SICK scanGrid2 firmware 1.10 up to 1.15",
                  "product_id": "CSAFPID-0017"
                }
              }
            ],
            "category": "product_name",
            "name": "scanGrid2 firmware"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.02",
                "product": {
                  "name": "SICK DMM4 firmware 1.02",
                  "product_id": "CSAFPID-0018"
                }
              }
            ],
            "category": "product_name",
            "name": "DMM4 firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK safeVisionary2 firmware all versions",
                  "product_id": "CSAFPID-0019"
                }
              }
            ],
            "category": "product_name",
            "name": "safeVisionary2 firmware"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.20.00",
                "product": {
                  "name": "SICK FXL1 firmware 1.20.00",
                  "product_id": "CSAFPID-0020"
                }
              }
            ],
            "category": "product_name",
            "name": "FXL1 firmware"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.16.00",
                "product": {
                  "name": "SICK SE1 firmware 1.16.00",
                  "product_id": "CSAFPID-0021"
                }
              }
            ],
            "category": "product_name",
            "name": "SE1 firmware"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.10",
                "product": {
                  "name": "SICK deTem4 LT Muting A/P firmware 1.10",
                  "product_id": "CSAFPID-0022"
                }
              }
            ],
            "category": "product_name",
            "name": "deTem4 LT Muting A/P firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "1.04 up to 1.10",
                "product": {
                  "name": "SICK deTem4 Core A/P firmware 1.04 up to 1.10",
                  "product_id": "CSAFPID-0023"
                }
              }
            ],
            "category": "product_name",
            "name": "deTem4 Core A/P firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "1.04 up to 1.10",
                "product": {
                  "name": "SICK deTem2 Core A/P 1.04 up to 1.10",
                  "product_id": "CSAFPID-0024"
                }
              }
            ],
            "category": "product_name",
            "name": "deTem2 Core A/P"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK ANM58B firmware all versions",
                  "product_id": "CSAFPID-0025"
                }
              }
            ],
            "category": "product_name",
            "name": "ANM58B firmware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "SICK ANS58B firmware all versions",
                  "product_id": "CSAFPID-0026"
                }
              }
            ],
            "category": "product_name",
            "name": "ANS58B firmware"
          }
        ],
        "category": "vendor",
        "name": "SICK AG"
      }
    ],
    "relationships": [
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK deTem4 with Firmware 1.02 up to 1.30",
          "product_id": "CSAFPID-0027"
        },
        "product_reference": "CSAFPID-0014",
        "relates_to_product_reference": "CSAFPID-0001"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK deTem4 A/P with Firmware 1.02 up to 1.30",
          "product_id": "CSAFPID-0028"
        },
        "product_reference": "CSAFPID-0015",
        "relates_to_product_reference": "CSAFPID-0002"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK deTec4 with Firmware 1.05 up to 1.43",
          "product_id": "CSAFPID-0029"
        },
        "product_reference": "CSAFPID-0016",
        "relates_to_product_reference": "CSAFPID-0006"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK scanGrid2 with Firmware 1.10 up to 1.15",
          "product_id": "CSAFPID-0030"
        },
        "product_reference": "CSAFPID-0017",
        "relates_to_product_reference": "CSAFPID-0007"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK DMM4 with Firmware 1.02",
          "product_id": "CSAFPID-0031"
        },
        "product_reference": "CSAFPID-0018",
        "relates_to_product_reference": "CSAFPID-0008"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK safeVisionary2 all Firmware versions",
          "product_id": "CSAFPID-0032"
        },
        "product_reference": "CSAFPID-0019",
        "relates_to_product_reference": "CSAFPID-0009"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK FXL1 with Firmware 1.20.00",
          "product_id": "CSAFPID-0033"
        },
        "product_reference": "CSAFPID-0020",
        "relates_to_product_reference": "CSAFPID-0010"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK SE1 with Firmware 1.16.00",
          "product_id": "CSAFPID-0034"
        },
        "product_reference": "CSAFPID-0021",
        "relates_to_product_reference": "CSAFPID-0011"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK deTem4 LT Muting A/P  with Firmware 1.10",
          "product_id": "CSAFPID-0035"
        },
        "product_reference": "CSAFPID-0022",
        "relates_to_product_reference": "CSAFPID-0003"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK deTem4 Core A/P  with Firmware 1.04 up to 1.10",
          "product_id": "CSAFPID-0036"
        },
        "product_reference": "CSAFPID-0023",
        "relates_to_product_reference": "CSAFPID-0004"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK deTem2 Core A/P with Firmware 1.04 up to 1.10",
          "product_id": "CSAFPID-0037"
        },
        "product_reference": "CSAFPID-0024",
        "relates_to_product_reference": "CSAFPID-0005"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK ANM58B all Firmware versions",
          "product_id": "CSAFPID-0038"
        },
        "product_reference": "CSAFPID-0025",
        "relates_to_product_reference": "CSAFPID-0012"
      },
      {
        "category": "installed_on",
        "full_product_name": {
          "name": "SICK ANS58B all Firmware versions",
          "product_id": "CSAFPID-0039"
        },
        "product_reference": "CSAFPID-0026",
        "relates_to_product_reference": "CSAFPID-0013"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-28115",
      "cwe": {
        "id": "CWE-280",
        "name": "Improper Handling of Insufficient Permissions or Privileges "
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ],
      "title": "Privilege Escalation in FreeRTOS Kernel ARMv7-M MPU ports and ARMv8-M ports with MPU support enabled"
    },
    {
      "cve": "CVE-2018-16525",
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to execute arbitrary code or leak information because of a Buffer Overflow during parsing of DNS\\LLMNR packets in prvParseDNSReply.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.1,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 8.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2021-43997",
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "FreeRTOS versions 10.2.0 through 10.4.5 do not prevent non-kernel code from calling the xPortRaisePrivilege internal function to raise privilege. FreeRTOS versions through 10.4.6 do not prevent a third party that has already independently gained the ability to execute injected code to achieve further privilege escalation by branching directly inside a FreeRTOS MPU API wrapper function with a manually crafted stack frame. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with MPU support enabled (i.e. configENABLE_MPU set to 1). These are fixed in V10.5.0 and in V10.4.3-LTS Patch 3.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2021-31571",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in queue.c for queue creation.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2021-32020",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insufficient bounds checking during management of heap memory.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2021-31572",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an integer overflow in stream_buffer.c for a stream buffer.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 9.8,
            "environmentalSeverity": "CRITICAL",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "temporalSeverity": "CRITICAL",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16601",
      "cwe": {
        "id": "CWE-191",
        "name": "Integer Underflow (Wrap or Wraparound)"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly remote code execution.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.1,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 8.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16526",
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow remote attackers to leak information or execute arbitrary code because of a Buffer Overflow during generation of a protocol checksum in usGenerateProtocolChecksum and prvProcessIPPacket.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 8.1,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 8.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16523",
      "cwe": {
        "id": "CWE-369",
        "name": "Divide By Zero"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 7.4,
            "environmentalSeverity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.4,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16600",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of ARP packets in eARPProcessPacket can be used for information disclosure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 5.9,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16527",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of ICMP packets in prvProcessICMPPacket.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 5.9,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16524",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow information disclosure during parsing of TCP options in prvCheckOptions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 5.9,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16599",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of NBNS packets in prvTreatNBNS can be used for information disclosure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 5.9,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16598",
      "cwe": {
        "id": "CWE-441",
        "name": "Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. In xProcessReceivedUDPPacket and prvParseDNSReply, any received DNS response is accepted, without confirming it matches a sent DNS request.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalScore": 5.9,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16602",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds memory access during parsing of DHCP responses in prvProcessDHCPReplies can be used for information disclosure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 5.9,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2018-16603",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "audience": "all",
          "category": "summary",
          "text": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. Out of bounds access to TCP source and destination port fields in xProcessReceivedTCPPacket can leak data back to an attacker.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_not_affected": [
          "CSAFPID-0027",
          "CSAFPID-0028",
          "CSAFPID-0029",
          "CSAFPID-0030",
          "CSAFPID-0031",
          "CSAFPID-0032",
          "CSAFPID-0033",
          "CSAFPID-0034",
          "CSAFPID-0035",
          "CSAFPID-0036",
          "CSAFPID-0037",
          "CSAFPID-0038",
          "CSAFPID-0039"
        ]
      },
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalScore": 5.9,
            "environmentalSeverity": "MEDIUM",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 5.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0027",
            "CSAFPID-0028",
            "CSAFPID-0029",
            "CSAFPID-0030",
            "CSAFPID-0031",
            "CSAFPID-0032",
            "CSAFPID-0033",
            "CSAFPID-0034",
            "CSAFPID-0035",
            "CSAFPID-0036",
            "CSAFPID-0037",
            "CSAFPID-0038",
            "CSAFPID-0039"
          ]
        }
      ]
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-16600 (GCVE-0-2018-16600)

FKIE_CVE-2018-16600

GHSA-276C-2376-64GP

GSD-2018-16600

SCA-2025-0003

Tags

Sightings

Nomenclature