github - ghsa-rvmq-wmg8-hqq7

ghsa-rvmq-wmg8-hqq7

Vulnerability from github

Published

2024-04-15 12:30

Modified

2024-08-29 21:31

Severity

5.3 (Medium) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-28957"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-340"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-15T11:15:08Z",
    "severity": "MODERATE"
  },
  "details": "Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device.",
  "id": "GHSA-rvmq-wmg8-hqq7",
  "modified": "2024-08-29T21:31:02Z",
  "published": "2024-04-15T12:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28957"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU94016877"
    },
    {
      "type": "WEB",
      "url": "https://www.cente.jp/obstacle/4956"
    },
    {
      "type": "WEB",
      "url": "https://www.cente.jp/obstacle/4963"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

cve-2024-28957

Vulnerability from cvelistv5

Published

2024-04-15 10:48

Modified

2024-08-29 20:06

Severity

5.3 (Medium) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device.

References

URL	Tags
https://www.cente.jp/obstacle/4963/
https://www.cente.jp/obstacle/4956/
https://jvn.jp/en/vu/JVNVU94016877/

Impacted products

Vendor	Product
DMG MORI Digital Co., LTD. and NEXT Co., Ltd.	Cente TCP/IPv4
DMG MORI Digital Co., LTD. and NEXT Co., Ltd.	Cente TCP/IPv4 SNMPv2
DMG MORI Digital Co., LTD. and NEXT Co., Ltd.	Cente TCP/IPv4 SNMPv3
DMG MORI Digital Co., LTD. and NEXT Co., Ltd.	Cente IPv6
DMG MORI Digital Co., LTD. and NEXT Co., Ltd.	Cente IPv6 SNMPv2
DMG MORI Digital Co., LTD. and NEXT Co., Ltd.	Cente IPv6 SNMPv3

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.396Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cente.jp/obstacle/4963/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cente.jp/obstacle/4956/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/vu/JVNVU94016877/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cente:ipv6:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ipv6",
            "vendor": "cente",
            "versions": [
              {
                "lessThanOrEqual": "1.51",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cente:ipv6_snmpv2:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ipv6_snmpv2",
            "vendor": "cente",
            "versions": [
              {
                "lessThanOrEqual": "2.30",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cente:ipv6_snmpv3:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ipv6_snmpv3",
            "vendor": "cente",
            "versions": [
              {
                "lessThanOrEqual": "2.30",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cente:ipv4snmpv2:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ipv4snmpv2",
            "vendor": "cente",
            "versions": [
              {
                "lessThanOrEqual": "2.30",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cente:ipv4snmpv3:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ipv4snmpv3",
            "vendor": "cente",
            "versions": [
              {
                "lessThanOrEqual": "2.30",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cente:ipv4:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ipv4",
            "vendor": "cente",
            "versions": [
              {
                "lessThanOrEqual": "1.41",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-28957",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-07T15:53:21.774024Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-340",
                "description": "CWE-340 Generation of Predictable Numbers or Identifiers",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-29T20:06:59.433Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cente TCP/IPv4",
          "vendor": "DMG MORI Digital Co., LTD. and NEXT Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.1.41 and earlier"
            }
          ]
        },
        {
          "product": "Cente TCP/IPv4 SNMPv2",
          "vendor": "DMG MORI Digital Co., LTD. and NEXT Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.2.30 and earlier"
            }
          ]
        },
        {
          "product": "Cente TCP/IPv4 SNMPv3",
          "vendor": "DMG MORI Digital Co., LTD. and NEXT Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.2.30 and earlier"
            }
          ]
        },
        {
          "product": "Cente IPv6",
          "vendor": "DMG MORI Digital Co., LTD. and NEXT Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.1.51 and earlier"
            }
          ]
        },
        {
          "product": "Cente IPv6 SNMPv2",
          "vendor": "DMG MORI Digital Co., LTD. and NEXT Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.2.30 and earlier"
            }
          ]
        },
        {
          "product": "Cente IPv6 SNMPv3",
          "vendor": "DMG MORI Digital Co., LTD. and NEXT Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "Ver.2.30 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Generation of predictable identifiers issue exists in Cente middleware TCP/IP Network Series. If this vulnerability is exploited, a remote unauthenticated attacker may interfere communications by predicting some packet header IDs of the device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Generation of Predictable Numbers or Identifiers",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-15T10:48:59.978Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.cente.jp/obstacle/4963/"
        },
        {
          "url": "https://www.cente.jp/obstacle/4956/"
        },
        {
          "url": "https://jvn.jp/en/vu/JVNVU94016877/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-28957",
    "datePublished": "2024-04-15T10:48:59.978Z",
    "dateReserved": "2024-03-19T01:42:41.530Z",
    "dateUpdated": "2024-08-29T20:06:59.433Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.