CWE-749
Exposed Dangerous Method or Function
The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
CVE-2016-9469 (GCVE-0-2016-9469)
Vulnerability from cvelistv5
Published
2017-03-28 02:46
Modified
2024-08-06 02:50
CWE
- CWE-749 - Exposed Dangerous Method or Function
Summary
Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be exploited by an unauthenticated user. A fix was included in versions 8.14.3, 8.13.8, and 8.12.11, which were released on December 5th 2016 at 3:59 PST. The GitLab versions vulnerable to this are 8.13.0, 8.13.0-ee, 8.13.1, 8.13.1-ee, 8.13.2, 8.13.2-ee, 8.13.3, 8.13.3-ee, 8.13.4, 8.13.4-ee, 8.13.5, 8.13.5-ee, 8.13.6, 8.13.6-ee, 8.13.7, 8.14.0, 8.14.0-ee, 8.14.1, 8.14.2, and 8.14.2-ee.
Impacted products
Vendor | Product | Version
---|---|---
n/a | GitLab Community Edition & GitLab Enterprise Edition 8.13.0, 8.13.0-ee, 8.13.1, 8.13.1-ee, 8.13.2, 8.13.2-ee, 8.13.3, 8.13.3-ee, 8.13.4, 8.13.4-ee, 8.13.5, 8.13.5-ee, 8.13.6, 8.13.6-ee, 8.13.7, 8.14.0, 8.14.0-ee, 8.14.1 | GitLab Community Edition & GitLab Enterprise Edition 8.13.0, 8.13.0-ee, 8.13.1, 8.13.1-ee, 8.13.2, 8.13.2-ee, 8.13.3, 8.13.3-ee, 8.13.4, 8.13.4-ee, 8.13.5, 8.13.5-ee, 8.13.6, 8.13.6-ee, 8.13.7, 8.14.0, 8.14.0-ee, 8.14.1
CVE-2018-10931 (GCVE-0-2018-10931)
Vulnerability from cvelistv5
Published
2018-08-09 20:00
Modified
2024-08-05 07:54
CWE
Summary
It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler and upload files to arbitrary locations in the context of the daemon.
Impacted products
Vendor | Product | Version
---|---|---
The Cobbler Project | cobbler | 2.6.x
CVE-2018-8868 (GCVE-0-2018-8868)
Vulnerability from cvelistv5
Published
2018-07-02 18:00
Modified
2025-05-22 18:14
CWE
Summary
Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contain debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can exploit other vulnerabilities to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality.
Impacted products
Vendor | Product | Version
---|---|---
Medtronic | 24950 MyCareLink Monitor | All versions
CVE-2019-10918 (GCVE-0-2019-10918)
Vulnerability from cvelistv5
Published
2019-05-14 19:54
Modified
2024-08-04 22:40
CWE
- CWE-749 - Exposed Dangerous Method or Function
Summary
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP2 with WinCC V7.4 SP1 Upd11), SIMATIC WinCC (TIA Portal) V13 (All versions), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1 Upd 9), SIMATIC WinCC (TIA Portal) V15 (All versions < V15.1 Upd 3), SIMATIC WinCC Runtime Professional V13 (All versions), SIMATIC WinCC Runtime Professional V14 (All versions < V14.1 Upd 8), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Upd 3), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 19), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd 11), SIMATIC WinCC V7.5 (All versions < V7.5 Upd 3). An authenticated attacker with network access to the DCOM interface could execute arbitrary commands with SYSTEM privileges. The vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires authentication with a low-privileged user account and no user interaction. An attacker could use the vulnerability to compromise confidentiality and integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known.
Impacted products
Vendor | Product | Version
---|---|---
Siemens AG | SIMATIC PCS 7 V8.0 and earlier | All versions
CVE-2019-13945 (GCVE-0-2019-13945)
Vulnerability from cvelistv5
Published
2019-12-12 13:19
Modified
2024-08-05 00:05
CWE
- CWE-749 - Exposed Dangerous Method or Function
Summary
A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family < V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All versions with Function State (FS) < 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) (All versions <= V2.2.2 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) (All versions <= V2.3.0 and Function State (FS) <= 3), SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 11), SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 10), SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 12), SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 9), SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) (All versions <= V2.5.0 and Function State (FS) <= 8), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of the affected devices that allows additional diagnostic functionality. 
The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process.
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:05:44.067Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SIMATIC S7-1200 CPU family \u003c V4.x (incl. SIPLUS variants)", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "product": "SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants)", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions with Function State (FS) \u003c 11" } ] }, { "product": "SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1)", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3" } ] }, { "product": "SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1)", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3" } ] }, { "product": "SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0)", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions \u003c= V2.2.2 and Function State (FS) \u003c= 8" } ] }, { "product": "SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1)", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3" } ] }, { "product": "SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0)", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions \u003c= V2.2.2 and Function State (FS) \u003c= 10" } ] }, { "product": "SIMATIC 
S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1)", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3" } ] }, { "product": "SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0)", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 11" } ] }, { "product": "SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0)", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 10" } ] }, { "product": "SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0)", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 10" } ] }, { "product": "SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0)", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 12" } ] }, { "product": "SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0)", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 9" } ] }, { "product": "SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0)", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 9" } ] }, { "product": "SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0)", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 8" } ] }, { "product": "SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0)", "vendor": "Siemens AG", "versions": [ { "status": "affected", "version": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 8" } ] }, { "product": "SIMATIC S7-200 SMART CPU family", "vendor": "Siemens AG", "versions": [ { "status": 
"affected", "version": "All versions" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family \u003c V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. SIPLUS variants) (All versions with Function State (FS) \u003c 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3), SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) (All versions \u003c= V2.2.2 and Function State (FS) \u003c= 8), SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) (All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3), SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) (All versions \u003c= V2.2.2 and Function State (FS) \u003c= 10), SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) (All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3), SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 11), SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 10), SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 10), SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 12), SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 9), SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 9), SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 8), SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) (All versions \u003c= V2.5.0 and 
Function State (FS) \u003c= 8), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of the affected devices that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-749", "description": "CWE-749: Exposed Dangerous Method or Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-14T13:18:04", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2019-13945", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SIMATIC S7-1200 CPU family \u003c V4.x (incl. SIPLUS variants)", "version": { "version_data": [ { "version_value": "All versions" } ] } }, { "product_name": "SIMATIC S7-1200 CPU family V4.x (incl. 
SIPLUS variants)", "version": { "version_data": [ { "version_value": "All versions with Function State (FS) \u003c 11" } ] } }, { "product_name": "SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1)", "version": { "version_data": [ { "version_value": "All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3" } ] } }, { "product_name": "SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1)", "version": { "version_data": [ { "version_value": "All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3" } ] } }, { "product_name": "SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0)", "version": { "version_data": [ { "version_value": "All versions \u003c= V2.2.2 and Function State (FS) \u003c= 8" } ] } }, { "product_name": "SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1)", "version": { "version_data": [ { "version_value": "All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3" } ] } }, { "product_name": "SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0)", "version": { "version_data": [ { "version_value": "All versions \u003c= V2.2.2 and Function State (FS) \u003c= 10" } ] } }, { "product_name": "SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1)", "version": { "version_data": [ { "version_value": "All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3" } ] } }, { "product_name": "SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0)", "version": { "version_data": [ { "version_value": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 11" } ] } }, { "product_name": "SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0)", "version": { "version_data": [ { "version_value": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 10" } ] } }, { "product_name": "SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0)", "version": { "version_data": [ { "version_value": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 10" } ] } }, { "product_name": "SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0)", "version": { 
"version_data": [ { "version_value": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 12" } ] } }, { "product_name": "SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0)", "version": { "version_data": [ { "version_value": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 9" } ] } }, { "product_name": "SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0)", "version": { "version_data": [ { "version_value": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 9" } ] } }, { "product_name": "SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0)", "version": { "version_data": [ { "version_value": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 8" } ] } }, { "product_name": "SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0)", "version": { "version_data": [ { "version_value": "All versions \u003c= V2.5.0 and Function State (FS) \u003c= 8" } ] } }, { "product_name": "SIMATIC S7-200 SMART CPU family", "version": { "version_data": [ { "version_value": "All versions" } ] } } ] }, "vendor_name": "Siemens AG" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family \u003c V4.x (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family V4.x (incl. 
SIPLUS variants) (All versions with Function State (FS) \u003c 11), SIMATIC S7-200 SMART CPU CR20s (6ES7 288-1CR20-0AA1) (All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3), SIMATIC S7-200 SMART CPU CR30s (6ES7 288-1CR30-0AA1) (All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3), SIMATIC S7-200 SMART CPU CR40 (6ES7 288-1CR40-0AA0) (All versions \u003c= V2.2.2 and Function State (FS) \u003c= 8), SIMATIC S7-200 SMART CPU CR40s (6ES7 288-1CR40-0AA1) (All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3), SIMATIC S7-200 SMART CPU CR60 (6ES7 288-1CR60-0AA0) (All versions \u003c= V2.2.2 and Function State (FS) \u003c= 10), SIMATIC S7-200 SMART CPU CR60s (6ES7 288-1CR60-0AA1) (All versions \u003c= V2.3.0 and Function State (FS) \u003c= 3), SIMATIC S7-200 SMART CPU SR20 (6ES7 288-1SR20-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 11), SIMATIC S7-200 SMART CPU SR30 (6ES7 288-1SR30-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 10), SIMATIC S7-200 SMART CPU SR40 (6ES7 288-1SR40-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 10), SIMATIC S7-200 SMART CPU SR60 (6ES7 288-1SR60-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 12), SIMATIC S7-200 SMART CPU ST20 (6ES7 288-1ST20-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 9), SIMATIC S7-200 SMART CPU ST30 (6ES7 288-1ST30-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 9), SIMATIC S7-200 SMART CPU ST40 (6ES7 288-1ST40-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 8), SIMATIC S7-200 SMART CPU ST60 (6ES7 288-1ST60-0AA0) (All versions \u003c= V2.5.0 and Function State (FS) \u003c= 8), SIMATIC S7-200 SMART CPU family (All versions). There is an access mode used during manufacturing of the affected devices that allows additional diagnostic functionality. 
The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-749: Exposed Dangerous Method or Function" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2019-13945", "datePublished": "2019-12-12T13:19:51", "dateReserved": "2019-07-18T00:00:00", "dateUpdated": "2024-08-05T00:05:44.067Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-18342 (GCVE-0-2019-18342)
Vulnerability from cvelistv5
Published
2019-12-12 19:08
Modified
2024-08-05 01:54
CWE
- CWE-749 - Exposed Dangerous Method or Function
Summary
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server (CCS) does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker with network access to the CCS server could exploit this vulnerability to read or delete arbitrary files, or access other resources on the same server.
Impacted products
Vendor | Product | Version
---|---|---
Siemens | Control Center Server (CCS) | All versions < V1.5.0
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T01:54:13.423Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Control Center Server (CCS)", "vendor": "Siemens", "versions": [ { "status": "affected", "version": "All versions \u003c V1.5.0" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Control Center Server (CCS) (All versions \u003c V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server\n(CCS) does not properly limit its capabilities to the specified purpose.\n\nIn conjunction with CVE-2019-18341, an unauthenticated remote attacker with\nnetwork access to the CCS server could exploit this vulnerability\nto read or delete arbitrary files, or access other resources on the same\nserver." 
} ], "metrics": [ { "cvssV3_1": { "baseScore": 9.9, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-749", "description": "CWE-749: Exposed Dangerous Method or Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-09T09:56:17.087Z", "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "shortName": "siemens" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf" } ] } }, "cveMetadata": { "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", "assignerShortName": "siemens", "cveId": "CVE-2019-18342", "datePublished": "2019-12-12T19:08:49", "dateReserved": "2019-10-23T00:00:00", "dateUpdated": "2024-08-05T01:54:13.423Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-20923 (GCVE-0-2019-20923)
Vulnerability from cvelistv5
Published
2020-11-23 15:30
Modified
2024-09-16 17:03
CWE
- CWE-749 - Exposed Dangerous Method or Function
Summary
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects MongoDB Server v4.0 versions prior to 4.0.7.
Impacted products
Vendor | Product | Version
---|---|---
MongoDB Inc. | MongoDB Server | 4.0 < 4.0.7
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:mongodb:mongodb_server:4.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mongodb_server", "vendor": "mongodb", "versions": [ { "status": "affected", "version": "4.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2019-20923", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-22T17:28:47.037349Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-15T17:19:26.516Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-05T03:00:19.094Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://jira.mongodb.org/browse/SERVER-39481" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "MongoDB Server", "vendor": "MongoDB Inc.", "versions": [ { "lessThan": "4.0.7", "status": "affected", "version": "4.0", "versionType": "custom" } ] } ], "datePublic": "2020-11-30T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine\u0027s internals. This issue affects MongoDB Server v4.0 versions prior to 4.0.7.\u003c/p\u003e" } ], "value": "A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine\u0027s internals. 
This issue affects MongoDB Server v4.0 versions prior to 4.0.7." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-749", "description": "CWE-749 Exposed Dangerous Method or Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-23T15:01:36.205Z", "orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "shortName": "mongodb" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://jira.mongodb.org/browse/SERVER-39481" } ], "source": { "discovery": "INTERNAL" }, "title": "Crash while handling internal Javascript exception types", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@mongodb.com", "DATE_PUBLIC": "2020-11-30T14:00:00.000Z", "ID": "CVE-2019-20923", "STATE": "PUBLIC", "TITLE": "Crash while handling internal Javascript exception types" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "MongoDB Server", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "4.0", "version_value": "4.0.7" } ] } } ] }, "vendor_name": "MongoDB Inc." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine\u0027s internals. 
This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.7." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-749 Exposed Dangerous Method or Function" } ] } ] }, "references": { "reference_data": [ { "name": "https://jira.mongodb.org/browse/SERVER-39481", "refsource": "CONFIRM", "url": "https://jira.mongodb.org/browse/SERVER-39481" } ] }, "source": { "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb", "assignerShortName": "mongodb", "cveId": "CVE-2019-20923", "datePublished": "2020-11-23T15:30:20.507217Z", "dateReserved": "2020-10-06T00:00:00", "dateUpdated": "2024-09-16T17:03:47.113Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-5015 (GCVE-0-2019-5015)
Vulnerability from cvelistv5
Published
2019-03-08 20:00
Modified
2024-09-16 19:04
CWE
- CWE-749 - Exposed Dangerous Method or Function
Summary
A local privilege escalation vulnerability exists in the Mac OS X version of Pixar Renderman 22.3.0's Install Helper helper tool. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine for a successful exploit.
Impacted products
Vendor | Product | Version
---|---|---
Talos | Pixar Renderman | Renderman 22.3.0 for Mac OS X
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T19:40:49.177Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "107436", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/107436" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0773" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Pixar Renderman", "vendor": "Talos", "versions": [ { "status": "affected", "version": "Renderman 22.3.0 for Mac OS X" } ] } ], "datePublic": "2019-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "A local privilege escalation vulnerability exists in the Mac OS X version of Pixar Renderman 22.3.0\u0027s Install Helper helper tool. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine for a successful exploit." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-749", "description": "CWE-749: Exposed Dangerous Method or Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-19T17:32:47", "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos" }, "references": [ { "name": "107436", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/107436" }, { "tags": [ "x_refsource_MISC" ], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0773" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "talos-cna@cisco.com", "DATE_PUBLIC": "2019-03-06T00:00:00", "ID": "CVE-2019-5015", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Pixar Renderman", "version": { "version_data": [ { "version_value": "Renderman 22.3.0 for Mac OS X" } ] } } ] }, "vendor_name": "Talos" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A local privilege escalation vulnerability exists in the Mac OS X version of Pixar Renderman 22.3.0\u0027s Install Helper helper tool. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine for a successful exploit." 
} ] }, "impact": { "cvss": { "baseScore": 9, "baseSeverity": "Critical", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-749: Exposed Dangerous Method or Function" } ] } ] }, "references": { "reference_data": [ { "name": "107436", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107436" }, { "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0773", "refsource": "MISC", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0773" } ] } } } }, "cveMetadata": { "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "cveId": "CVE-2019-5015", "datePublished": "2019-03-08T20:00:00Z", "dateReserved": "2019-01-04T00:00:00", "dateUpdated": "2024-09-16T19:04:24.135Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-10268 (GCVE-0-2020-10268)
Vulnerability from cvelistv5
Published
2020-06-16 17:55
Modified
2024-09-16 18:59
CWE
Summary
Critical services for operation can be terminated from the Windows Task Manager, bringing the manipulator to a halt. After this, a re-calibration of the brakes needs to be performed. Note that this can only be accomplished either by a Kuka technician or by Kuka-issued calibration hardware that interfaces with the manipulator, furthering the delay and increasing operational costs.
Impacted products
Vendor | Product | Version
---|---|---
KUKA Roboter GmbH | KR3R540, KRC4, KSS8.5.7HF1, Win7_Embedded | unspecified
CVE-2020-12912 (GCVE-0-2020-12912)
Vulnerability from cvelistv5
Published
2020-11-12 19:08
Modified
2024-08-04 12:11
CWE
- CWE-749 - Exposed Dangerous Method or Function
Summary
A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access.
References
URL | Tags
---|---
https://www.amd.com/en/corporate/product-security | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
n/a | AMD extension to Linux "hwmon" for Zen1 platforms | Each Linux distro determines its own version.
Mitigation
Phase: Architecture and Design
Description:
- If you must expose a method, make sure to perform input validation on all arguments, limit access to authorized parties, and protect against all possible vulnerabilities.
Mitigation
Phases: Architecture and Design, Implementation
Strategy: Attack Surface Reduction
Description:
- Identify all exposed functionality. Explicitly list all functionality that must be exposed to some user or set of users. Identify which functionality may be:
  - accessible to all users
  - restricted to a small set of privileged users
  - prevented from being directly accessible at all
- Ensure that the implemented code follows these expectations. This includes setting the appropriate access modifiers where applicable (public, private, protected, etc.) or not marking ActiveX controls safe-for-scripting.
CAPEC-500: WebView Injection
An adversary, through a previously installed malicious application, injects code into the context of a web page displayed by a WebView component. Through the injected code, an adversary is able to manipulate the DOM tree and cookies of the page, expose sensitive information, and can launch attacks against the web application from within the web page.