cvelistv5 - cve-2024-28957

cve-2024-28957

Vulnerability from cvelistv5

Published

2024-04-15 10:48

Modified

2024-08-29 20:06

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device.

References

▼	URL	Tags
	vultures@jpcert.or.jp	https://jvn.jp/en/vu/JVNVU94016877/
	vultures@jpcert.or.jp	https://www.cente.jp/obstacle/4956/
	vultures@jpcert.or.jp	https://www.cente.jp/obstacle/4963/
	af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/vu/JVNVU94016877/
	af854a3a-2127-422b-91ae-364da2661108	https://www.cente.jp/obstacle/4956/
	af854a3a-2127-422b-91ae-364da2661108	https://www.cente.jp/obstacle/4963/

Impacted products

Vendor

Product

Version

▼

DMG MORI Digital Co., LTD. and NEXT Co., Ltd.

Cente TCP/IPv4

Version: Ver.1.41 and earlier

DMG MORI Digital Co., LTD. and NEXT Co., Ltd.	Cente TCP/IPv4 SNMPv2	Version: Ver.2.30 and earlier
DMG MORI Digital Co., LTD. and NEXT Co., Ltd.	Cente TCP/IPv4 SNMPv3	Version: Ver.2.30 and earlier
DMG MORI Digital Co., LTD. and NEXT Co., Ltd.	Cente IPv6	Version: Ver.1.51 and earlier
DMG MORI Digital Co., LTD. and NEXT Co., Ltd.	Cente IPv6 SNMPv2	Version: Ver.2.30 and earlier
DMG MORI Digital Co., LTD. and NEXT Co., Ltd.	Cente IPv6 SNMPv3	Version: Ver.2.30 and earlier

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.396Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cente.jp/obstacle/4963/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cente.jp/obstacle/4956/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU94016877/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cente:ipv6:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ipv6",
            "vendor": "cente",
            "versions": [
              {
                "lessThanOrEqual": "1.51",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cente:ipv6_snmpv2:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ipv6_snmpv2",
            "vendor": "cente",
            "versions": [
              {
                "lessThanOrEqual": "2.30",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cente:ipv6_snmpv3:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ipv6_snmpv3",
            "vendor": "cente",
            "versions": [
              {
                "lessThanOrEqual": "2.30",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cente:ipv4snmpv2:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ipv4snmpv2",
            "vendor": "cente",
            "versions": [
              {
                "lessThanOrEqual": "2.30",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cente:ipv4snmpv3:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ipv4snmpv3",
            "vendor": "cente",
            "versions": [
              {
                "lessThanOrEqual": "2.30",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cente:ipv4:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ipv4",
            "vendor": "cente",
            "versions": [
              {
                "lessThanOrEqual": "1.41",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-28957",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-07T15:53:21.774024Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-340",
                "description": "CWE-340 Generation of Predictable Numbers or Identifiers",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-29T20:06:59.433Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cente TCP/IPv4",
          "vendor": "DMG MORI Digital Co., LTD. and NEXT Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.1.41 and earlier"
            }
          ]
        },
        {
          "product": "Cente TCP/IPv4 SNMPv2",
          "vendor": "DMG MORI Digital Co., LTD. and NEXT Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.2.30 and earlier"
            }
          ]
        },
        {
          "product": "Cente TCP/IPv4 SNMPv3",
          "vendor": "DMG MORI Digital Co., LTD. and NEXT Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.2.30 and earlier"
            }
          ]
        },
        {
          "product": "Cente IPv6",
          "vendor": "DMG MORI Digital Co., LTD. and NEXT Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.1.51 and earlier"
            }
          ]
        },
        {
          "product": "Cente IPv6 SNMPv2",
          "vendor": "DMG MORI Digital Co., LTD. and NEXT Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.2.30 and earlier"
            }
          ]
        },
        {
          "product": "Cente IPv6 SNMPv3",
          "vendor": "DMG MORI Digital Co., LTD. and NEXT Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.2.30 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Generation of Predictable Numbers or Identifiers",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-15T10:48:59.978Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.cente.jp/obstacle/4963/"
        },
        {
          "url": "https://www.cente.jp/obstacle/4956/"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU94016877/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-28957",
    "datePublished": "2024-04-15T10:48:59.978Z",
    "dateReserved": "2024-03-19T01:42:41.530Z",
    "dateUpdated": "2024-08-29T20:06:59.433Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device.\"}, {\"lang\": \"es\", \"value\": \"Existe un problema de generaci\\u00f3n de identificadores predecibles en la serie de redes TCP/IP del middleware Cente. Si se explota esta vulnerabilidad, un atacante remoto no autenticado puede interferir en las comunicaciones al predecir algunos ID de encabezado de paquete del dispositivo.\"}]",
      "id": "CVE-2024-28957",
      "lastModified": "2024-11-21T09:07:16.013",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
      "published": "2024-04-15T11:15:08.490",
      "references": "[{\"url\": \"https://jvn.jp/en/vu/JVNVU94016877/\", \"source\": \"vultures@jpcert.or.jp\"}, {\"url\": \"https://www.cente.jp/obstacle/4956/\", \"source\": \"vultures@jpcert.or.jp\"}, {\"url\": \"https://www.cente.jp/obstacle/4963/\", \"source\": \"vultures@jpcert.or.jp\"}, {\"url\": \"https://jvn.jp/en/vu/JVNVU94016877/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.cente.jp/obstacle/4956/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.cente.jp/obstacle/4963/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "vultures@jpcert.or.jp",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-340\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-28957\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2024-04-15T11:15:08.490\",\"lastModified\":\"2024-11-21T09:07:16.013\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device.\"},{\"lang\":\"es\",\"value\":\"Existe un problema de generaci\u00f3n de identificadores predecibles en la serie de redes TCP/IP del middleware Cente. Si se explota esta vulnerabilidad, un atacante remoto no autenticado puede interferir en las comunicaciones al predecir algunos ID de encabezado de paquete del dispositivo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-340\"}]}],\"references\":[{\"url\":\"https://jvn.jp/en/vu/JVNVU94016877/\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://www.cente.jp/obstacle/4956/\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://www.cente.jp/obstacle/4963/\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://jvn.jp/en/vu/JVNVU94016877/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.cente.jp/obstacle/4956/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.cente.jp/obstacle/4963/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.cente.jp/obstacle/4963/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.cente.jp/obstacle/4956/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://jvn.jp/en/vu/JVNVU94016877/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T01:03:51.396Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-28957\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-07T15:53:21.774024Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:cente:ipv6:*:*:*:*:*:*:*:*\"], \"vendor\": \"cente\", \"product\": \"ipv6\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.51\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cente:ipv6_snmpv2:*:*:*:*:*:*:*:*\"], \"vendor\": \"cente\", \"product\": \"ipv6_snmpv2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.30\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cente:ipv6_snmpv3:*:*:*:*:*:*:*:*\"], \"vendor\": \"cente\", \"product\": \"ipv6_snmpv3\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.30\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cente:ipv4snmpv2:*:*:*:*:*:*:*:*\"], \"vendor\": \"cente\", \"product\": \"ipv4snmpv2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.30\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cente:ipv4snmpv3:*:*:*:*:*:*:*:*\"], \"vendor\": \"cente\", \"product\": \"ipv4snmpv3\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.30\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cente:ipv4:*:*:*:*:*:*:*:*\"], \"vendor\": \"cente\", \"product\": \"ipv4\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.41\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-340\", \"description\": \"CWE-340 Generation of Predictable Numbers or Identifiers\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-12T19:31:11.305Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"DMG MORI Digital Co., LTD. and NEXT Co., Ltd.\", \"product\": \"Cente TCP/IPv4\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.1.41 and earlier\"}]}, {\"vendor\": \"DMG MORI Digital Co., LTD. and NEXT Co., Ltd.\", \"product\": \"Cente TCP/IPv4 SNMPv2\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.2.30 and earlier\"}]}, {\"vendor\": \"DMG MORI Digital Co., LTD. and NEXT Co., Ltd.\", \"product\": \"Cente TCP/IPv4 SNMPv3\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.2.30 and earlier\"}]}, {\"vendor\": \"DMG MORI Digital Co., LTD. and NEXT Co., Ltd.\", \"product\": \"Cente IPv6\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.1.51 and earlier\"}]}, {\"vendor\": \"DMG MORI Digital Co., LTD. and NEXT Co., Ltd.\", \"product\": \"Cente IPv6 SNMPv2\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.2.30 and earlier\"}]}, {\"vendor\": \"DMG MORI Digital Co., LTD. and NEXT Co., Ltd.\", \"product\": \"Cente IPv6 SNMPv3\", \"versions\": [{\"status\": \"affected\", \"version\": \"Ver.2.30 and earlier\"}]}], \"references\": [{\"url\": \"https://www.cente.jp/obstacle/4963/\"}, {\"url\": \"https://www.cente.jp/obstacle/4956/\"}, {\"url\": \"https://jvn.jp/en/vu/JVNVU94016877/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Generation of Predictable Numbers or Identifiers\"}]}], \"providerMetadata\": {\"orgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"shortName\": \"jpcert\", \"dateUpdated\": \"2024-04-15T10:48:59.978Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-28957\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-29T20:06:59.433Z\", \"dateReserved\": \"2024-03-19T01:42:41.530Z\", \"assignerOrgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"datePublished\": \"2024-04-15T10:48:59.978Z\", \"assignerShortName\": \"jpcert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

cve-2024-28957

Vulnerability from jvndb

Published

2024-04-05 15:36

Modified

2024-09-24 15:00

Severity ?

5.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Multiple vulnerabilities in Cente middleware

Details

Some products in Cente middleware TCP/IP Network Series developed by DMG MORI Digital Co., LTD. and provided by NEXT Co., Ltd. contain multiple vulnerabilities listed below. * Out-of-bounds Read caused by improper checking of the option length values in IPv6 NDP packets (CWE-125) * Out-of-bounds Read caused by improper checking of the option length values in IPv6 headers (CWE-125) * Generation of Predictable Identifiers (CWE-340) DMG MORI Digital Co., LTD. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.

References

▼	Type	URL
	JVN	https://jvn.jp/en/vu/JVNVU94016877/index.html
	JVN	https://jvn.jp/en/vu/JVNVU96959731/index.html
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-28957
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-23911
	CVE	https://www.cve.org/CVERecord?id=CVE-2024-28894
	ICS-CERT ADVISORY	https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-02
	Out-of-bounds Read(CWE-125)	https://cwe.mitre.org/data/definitions/125.html
	Generation of Predictable Numbers or Identifiers(CWE-340)	https://cwe.mitre.org/data/definitions/340.html

Impacted products

▼	Vendor	Product
	NEXT Co., LTD.	Cente IPv6
	NEXT Co., LTD.	Cente TCP/IPv4

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003068.html",
  "dc:date": "2024-09-24T15:00+09:00",
  "dcterms:issued": "2024-04-05T15:36+09:00",
  "dcterms:modified": "2024-09-24T15:00+09:00",
  "description": "Some products in Cente middleware TCP/IP Network Series developed by DMG MORI Digital Co., LTD. and provided by NEXT Co., Ltd. contain multiple vulnerabilities listed below.\r\n\r\n  * Out-of-bounds Read caused by improper checking of the option length values in IPv6 NDP packets (CWE-125)\r\n  * Out-of-bounds Read caused by improper checking of the option length values in IPv6 headers (CWE-125)\r\n  * Generation of Predictable Identifiers (CWE-340)\r\n\r\nDMG MORI Digital Co., LTD. reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-003068.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:misc:next_cente_ipv6",
      "@product": "Cente IPv6",
      "@vendor": "NEXT Co., LTD.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:misc:next_cente_tcp%2Fipv4",
      "@product": "Cente TCP/IPv4",
      "@vendor": "NEXT Co., LTD.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-003068",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU94016877/index.html",
      "@id": "JVNVU#94016877",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/vu/JVNVU96959731/index.html",
      "@id": "JVNVU#96959731",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28957",
      "@id": "CVE-2024-28957",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-23911",
      "@id": "CVE-2024-23911",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-28894",
      "@id": "CVE-2024-28894",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-02",
      "@id": "ICSA-24-263-02",
      "@source": "ICS-CERT ADVISORY"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/125.html",
      "@id": "CWE-125",
      "@title": "Out-of-bounds Read(CWE-125)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/340.html",
      "@id": "CWE-340",
      "@title": "Generation of Predictable Numbers or Identifiers(CWE-340)"
    }
  ],
  "title": "Multiple vulnerabilities in Cente middleware"
}

ICSA-24-263-02

Vulnerability from csaf_cisa

Published

2024-09-19 06:00

Modified

2024-09-19 06:00

Summary

IDEC PLCs

Notes

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities could allow an attacker to obtain user authentication information or disrupt communication.

Critical infrastructure sectors

Food and Agriculture, Critical Manufacturing, Energy, Transportation

Countries/areas deployed

Worldwide

Company headquarters location

Japan

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Recommended Practices

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Recommended Practices

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

Recommended Practices

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "IDEC Corporation",
        "summary": "reporting these vulnerabilities to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow an attacker to obtain user authentication information or disrupt communication.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Food and Agriculture, Critical Manufacturing, Energy, Transportation",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Japan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-24-263-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-263-02.json"
      },
      {
        "category": "self",
        "summary": "ICSA Advisory ICSA-24-263-02 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      }
    ],
    "title": "IDEC PLCs",
    "tracking": {
      "current_release_date": "2024-09-19T06:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-24-263-02",
      "initial_release_date": "2024-09-19T06:00:00.000000Z",
      "revision_history": [
        {
          "date": "2024-09-19T06:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=Ver.2.60",
                "product": {
                  "name": "IDEC Corporation FC6A Series MICROSmart All-in-One CPU module: \u003c=Ver.2.60",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "FC6A Series MICROSmart All-in-One CPU module"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=Ver.2.60",
                "product": {
                  "name": "IDEC Corporation FC6B Series MICROSmart All-in-One CPU module: \u003c=Ver.2.60",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "FC6B Series MICROSmart All-in-One CPU module"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=Ver.2.40",
                "product": {
                  "name": "IDEC Corporation FC6A Series MICROSmart Plus CPU module: \u003c=Ver.2.40",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "FC6A Series MICROSmart Plus CPU module"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=Ver.2.60",
                "product": {
                  "name": "IDEC Corporation FC6B Series MICROSmart Plus CPU module: \u003c=Ver.2.60",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "FC6B Series MICROSmart Plus CPU module"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=Ver.2.41_affected_only_by",
                "product": {
                  "name": "IDEC Corporation FT1A Series SmartAXIS Pro/Lite: \u003c=Ver.2.41_affected_only_by",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "FT1A Series SmartAXIS Pro/Lite"
          }
        ],
        "category": "vendor",
        "name": "IDEC Corporation"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-41927",
      "cwe": {
        "id": "CWE-319",
        "name": "Cleartext Transmission of Sensitive Information"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected products are vulnerable to a cleartext vulnerability that could allow an attacker to obtain user authentication information.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-41927"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply the appropriate software update according to the information provided by the developer:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "FC6A Series MICROSmart All-in-One CPU module: Ver.2.70 and later",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "FC6B Series MICROSmart All-in-One CPU module: Ver.2.70 and later",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "FC6A Series MICROSmart Plus CPU module: Ver.2.50 and later",
          "product_ids": [
            "CSAFPID-0003"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "FC6B Series MICROSmart Plus CPU module: Ver.2.70 and later",
          "product_ids": [
            "CSAFPID-0004"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "FT1A Series SmartAXIS Pro/Lite: Ver.2.50 and later",
          "product_ids": [
            "CSAFPID-0005"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information, reference the IDEC Corporation advisory:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        },
        {
          "category": "mitigation",
          "details": "Vulnerabilities in PLC regarding plaintext transmission of sensitive information and predictable ID usage",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://us.idec.com/media/24-RD-0256-EN.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2024-28957",
      "cwe": {
        "id": "CWE-340",
        "name": "Generation of Predictable Numbers or Identifiers"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected products are vulnerable to a predictable identifiers vulnerability, which may allow an attacker to disrupt communications.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-28957"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply the appropriate software update according to the information provided by the developer:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "FC6A Series MICROSmart All-in-One CPU module: Ver.2.70 and later",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "FC6B Series MICROSmart All-in-One CPU module: Ver.2.70 and later",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "FC6A Series MICROSmart Plus CPU module: Ver.2.50 and later",
          "product_ids": [
            "CSAFPID-0003"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "FC6B Series MICROSmart Plus CPU module: Ver.2.70 and later",
          "product_ids": [
            "CSAFPID-0004"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information, reference the IDEC Corporation advisory:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "mitigation",
          "details": "Vulnerabilities in PLC regarding plaintext transmission of sensitive information and predictable ID usage",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://us.idec.com/media/24-RD-0256-EN.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ]
    }
  ]
}

icsa-24-263-02

Vulnerability from csaf_cisa

Published

2024-09-19 06:00

Modified

2024-09-19 06:00

Summary

IDEC PLCs

Notes

Legal Notice

Risk evaluation

Successful exploitation of these vulnerabilities could allow an attacker to obtain user authentication information or disrupt communication.

Critical infrastructure sectors

Food and Agriculture, Critical Manufacturing, Energy, Transportation

Countries/areas deployed

Worldwide

Company headquarters location

Japan

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:

Recommended Practices

Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.

Recommended Practices

Locate control system networks and remote devices behind firewalls and isolating them from business networks.

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

Recommended Practices

No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "IDEC Corporation",
        "summary": "reporting these vulnerabilities to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow an attacker to obtain user authentication information or disrupt communication.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Food and Agriculture, Critical Manufacturing, Energy, Transportation",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Japan",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-24-263-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-263-02.json"
      },
      {
        "category": "self",
        "summary": "ICSA Advisory ICSA-24-263-02 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-263-02"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
      }
    ],
    "title": "IDEC PLCs",
    "tracking": {
      "current_release_date": "2024-09-19T06:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-24-263-02",
      "initial_release_date": "2024-09-19T06:00:00.000000Z",
      "revision_history": [
        {
          "date": "2024-09-19T06:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "Initial Publication"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=Ver.2.60",
                "product": {
                  "name": "IDEC Corporation FC6A Series MICROSmart All-in-One CPU module: \u003c=Ver.2.60",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "FC6A Series MICROSmart All-in-One CPU module"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=Ver.2.60",
                "product": {
                  "name": "IDEC Corporation FC6B Series MICROSmart All-in-One CPU module: \u003c=Ver.2.60",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "FC6B Series MICROSmart All-in-One CPU module"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=Ver.2.40",
                "product": {
                  "name": "IDEC Corporation FC6A Series MICROSmart Plus CPU module: \u003c=Ver.2.40",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "FC6A Series MICROSmart Plus CPU module"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=Ver.2.60",
                "product": {
                  "name": "IDEC Corporation FC6B Series MICROSmart Plus CPU module: \u003c=Ver.2.60",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "FC6B Series MICROSmart Plus CPU module"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=Ver.2.41_affected_only_by",
                "product": {
                  "name": "IDEC Corporation FT1A Series SmartAXIS Pro/Lite: \u003c=Ver.2.41_affected_only_by",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "FT1A Series SmartAXIS Pro/Lite"
          }
        ],
        "category": "vendor",
        "name": "IDEC Corporation"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-41927",
      "cwe": {
        "id": "CWE-319",
        "name": "Cleartext Transmission of Sensitive Information"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected products are vulnerable to a cleartext vulnerability that could allow an attacker to obtain user authentication information.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-41927"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply the appropriate software update according to the information provided by the developer:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "FC6A Series MICROSmart All-in-One CPU module: Ver.2.70 and later",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "FC6B Series MICROSmart All-in-One CPU module: Ver.2.70 and later",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "FC6A Series MICROSmart Plus CPU module: Ver.2.50 and later",
          "product_ids": [
            "CSAFPID-0003"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "FC6B Series MICROSmart Plus CPU module: Ver.2.70 and later",
          "product_ids": [
            "CSAFPID-0004"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "FT1A Series SmartAXIS Pro/Lite: Ver.2.50 and later",
          "product_ids": [
            "CSAFPID-0005"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information, reference the IDEC Corporation advisory:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        },
        {
          "category": "mitigation",
          "details": "Vulnerabilities in PLC regarding plaintext transmission of sensitive information and predictable ID usage",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ],
          "url": "https://us.idec.com/media/24-RD-0256-EN.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2024-28957",
      "cwe": {
        "id": "CWE-340",
        "name": "Generation of Predictable Numbers or Identifiers"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The affected products are vulnerable to a predictable identifiers vulnerability, which may allow an attacker to disrupt communications.",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "www.cve.org",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-28957"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Apply the appropriate software update according to the information provided by the developer:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "FC6A Series MICROSmart All-in-One CPU module: Ver.2.70 and later",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "FC6B Series MICROSmart All-in-One CPU module: Ver.2.70 and later",
          "product_ids": [
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "FC6A Series MICROSmart Plus CPU module: Ver.2.50 and later",
          "product_ids": [
            "CSAFPID-0003"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "FC6B Series MICROSmart Plus CPU module: Ver.2.70 and later",
          "product_ids": [
            "CSAFPID-0004"
          ]
        },
        {
          "category": "mitigation",
          "details": "For more information, reference the IDEC Corporation advisory:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "mitigation",
          "details": "Vulnerabilities in PLC regarding plaintext transmission of sensitive information and predictable ID usage",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ],
          "url": "https://us.idec.com/media/24-RD-0256-EN.pdf"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ]
    }
  ]
}

cve-2024-28957

Vulnerability from fkie_nvd

Published

2024-04-15 11:15

Modified

2024-11-21 09:07

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

References

▼	URL	Tags
	vultures@jpcert.or.jp	https://jvn.jp/en/vu/JVNVU94016877/
	vultures@jpcert.or.jp	https://www.cente.jp/obstacle/4956/
	vultures@jpcert.or.jp	https://www.cente.jp/obstacle/4963/
	af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/vu/JVNVU94016877/
	af854a3a-2127-422b-91ae-364da2661108	https://www.cente.jp/obstacle/4956/
	af854a3a-2127-422b-91ae-364da2661108	https://www.cente.jp/obstacle/4963/

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device."
    },
    {
      "lang": "es",
      "value": "Existe un problema de generaci\u00f3n de identificadores predecibles en la serie de redes TCP/IP del middleware Cente. Si se explota esta vulnerabilidad, un atacante remoto no autenticado puede interferir en las comunicaciones al predecir algunos ID de encabezado de paquete del dispositivo."
    }
  ],
  "id": "CVE-2024-28957",
  "lastModified": "2024-11-21T09:07:16.013",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-04-15T11:15:08.490",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://jvn.jp/en/vu/JVNVU94016877/"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://www.cente.jp/obstacle/4956/"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://www.cente.jp/obstacle/4963/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://jvn.jp/en/vu/JVNVU94016877/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.cente.jp/obstacle/4956/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.cente.jp/obstacle/4963/"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-340"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

gsd-2024-28957

Vulnerability from gsd

Modified

2024-04-02 05:02

Details

Aliases

CVE-2024-28957

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-28957"
      ],
      "details": "Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device.",
      "id": "GSD-2024-28957",
      "modified": "2024-04-02T05:02:55.864880Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2024-28957",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cente TCP/IPv4",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Ver.1.41 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Cente TCP/IPv4 SNMPv2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Ver.2.30 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Cente TCP/IPv4 SNMPv3",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Ver.2.30 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Cente IPv6",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Ver.1.51 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Cente IPv6 SNMPv2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Ver.2.30 and earlier"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Cente IPv6 SNMPv3",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Ver.2.30 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "DMG MORI Digital Co., LTD. and NEXT Co., Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Generation of Predictable Numbers or Identifiers"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.cente.jp/obstacle/4963/",
            "refsource": "MISC",
            "url": "https://www.cente.jp/obstacle/4963/"
          },
          {
            "name": "https://www.cente.jp/obstacle/4956/",
            "refsource": "MISC",
            "url": "https://www.cente.jp/obstacle/4956/"
          },
          {
            "name": "https://jvn.jp/en/vu/JVNVU94016877/",
            "refsource": "MISC",
            "url": "https://jvn.jp/en/vu/JVNVU94016877/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device."
          },
          {
            "lang": "es",
            "value": "Existe un problema de generaci\u00f3n de identificadores predecibles en la serie de redes TCP/IP del middleware Cente. Si se explota esta vulnerabilidad, un atacante remoto no autenticado puede interferir en las comunicaciones al predecir algunos ID de encabezado de paquete del dispositivo."
          }
        ],
        "id": "CVE-2024-28957",
        "lastModified": "2024-04-15T13:15:31.997",
        "metrics": {},
        "published": "2024-04-15T11:15:08.490",
        "references": [
          {
            "source": "vultures@jpcert.or.jp",
            "url": "https://jvn.jp/en/vu/JVNVU94016877/"
          },
          {
            "source": "vultures@jpcert.or.jp",
            "url": "https://www.cente.jp/obstacle/4956/"
          },
          {
            "source": "vultures@jpcert.or.jp",
            "url": "https://www.cente.jp/obstacle/4963/"
          }
        ],
        "sourceIdentifier": "vultures@jpcert.or.jp",
        "vulnStatus": "Awaiting Analysis"
      }
    }
  }
}

ghsa-rvmq-wmg8-hqq7

Vulnerability from github

Published

2024-04-15 12:30

Modified

2024-08-29 21:31

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-28957"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-340"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-15T11:15:08Z",
    "severity": "MODERATE"
  },
  "details": "Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device.",
  "id": "GHSA-rvmq-wmg8-hqq7",
  "modified": "2024-08-29T21:31:02Z",
  "published": "2024-04-15T12:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28957"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU94016877"
    },
    {
      "type": "WEB",
      "url": "https://www.cente.jp/obstacle/4956"
    },
    {
      "type": "WEB",
      "url": "https://www.cente.jp/obstacle/4963"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2024-28957

Vulnerability from cvelistv5

cve-2024-28957

Vulnerability from jvndb

ICSA-24-263-02

Vulnerability from csaf_cisa

icsa-24-263-02

Vulnerability from csaf_cisa

cve-2024-28957

Vulnerability from fkie_nvd

gsd-2024-28957

Vulnerability from gsd

ghsa-rvmq-wmg8-hqq7

Vulnerability from github

Tags

Sightings

Nomenclature