Vulnerabilites related to tnbmobil - cockpit
Vulnerability from fkie_nvd
Published
2024-09-13 09:15
Modified
2024-09-19 13:05
Severity ?
Summary
Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable.This issue affects Cockpit Software: before v2.13.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| iletisim@usom.gov.tr | https://www.usom.gov.tr/bildirim/tr-24-1466 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tnbmobil:cockpit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E484796B-7183-4F77-BA2A-0F06B280373B",
"versionEndExcluding": "2.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable.This issue affects Cockpit Software: before v2.13."
},
{
"lang": "es",
"value": "La vulnerabilidad de uso de credenciales codificadas en el software Cockpit de TNB Mobile Solutions permite leer cadenas confidenciales dentro de un ejecutable. Este problema afecta a Cockpit Software: antes de v2.13."
}
],
"id": "CVE-2024-6656",
"lastModified": "2024-09-19T13:05:44.953",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "iletisim@usom.gov.tr",
"type": "Secondary"
}
]
},
"published": "2024-09-13T09:15:14.487",
"references": [
{
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory"
],
"url": "https://www.usom.gov.tr/bildirim/tr-24-1466"
}
],
"sourceIdentifier": "iletisim@usom.gov.tr",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "iletisim@usom.gov.tr",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-05 09:15
Modified
2024-11-21 08:50
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before v0.251.1.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| iletisim@usom.gov.tr | https://www.usom.gov.tr/bildirim/tr-24-0601 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.usom.gov.tr/bildirim/tr-24-0601 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tnbmobil:cockpit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DD0B9EF1-1C4D-4A5F-AB09-943514CDDBAB",
"versionEndExcluding": "0.251.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before v0.251.1."
},
{
"lang": "es",
"value": "La inclusi\u00f3n de informaci\u00f3n confidencial en la vulnerabilidad del c\u00f3digo fuente en TNB Mobile Solutions Cockpit Software permite recuperar datos confidenciales incrustados. Este problema afecta a Cockpit Software: anterior a v0.251.1."
}
],
"id": "CVE-2024-1272",
"lastModified": "2024-11-21T08:50:12.417",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "iletisim@usom.gov.tr",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-05T09:15:09.620",
"references": [
{
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory"
],
"url": "https://www.usom.gov.tr/bildirim/tr-24-0601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.usom.gov.tr/bildirim/tr-24-0601"
}
],
"sourceIdentifier": "iletisim@usom.gov.tr",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-540"
}
],
"source": "iletisim@usom.gov.tr",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-6656 (GCVE-0-2024-6656)
Vulnerability from cvelistv5
Published
2024-09-13 08:44
Modified
2024-09-13 14:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-798 - Use of Hard-coded Credentials
Summary
Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable.This issue affects Cockpit Software: before v2.13.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TNB Mobile Solutions | Cockpit Software |
Version: 0 < v2.13 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:tnb_mobile_solutions:cockpit_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cockpit_software",
"vendor": "tnb_mobile_solutions",
"versions": [
{
"lessThan": "2.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6656",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T14:05:07.880266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T14:06:04.211Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cockpit Software",
"vendor": "TNB Mobile Solutions",
"versions": [
{
"lessThan": "v2.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Yusuf Kamil \u00c7AVU\u015eO\u011eLU"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable.\u003cp\u003eThis issue affects Cockpit Software: before v2.13.\u003c/p\u003e"
}
],
"value": "Use of Hard-coded Credentials vulnerability in TNB Mobile Solutions Cockpit Software allows Read Sensitive Strings Within an Executable.This issue affects Cockpit Software: before v2.13."
}
],
"impacts": [
{
"capecId": "CAPEC-191",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-191 Read Sensitive Strings Within an Executable"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T08:44:43.942Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-1466"
}
],
"source": {
"advisory": "TR-24-1466",
"defect": [
"TR-24-1466"
],
"discovery": "UNKNOWN"
},
"title": "Hardcoded Credentals in TNB Mobile Solutions\u0027 Cockpit Software",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2024-6656",
"datePublished": "2024-09-13T08:44:43.942Z",
"dateReserved": "2024-07-10T14:10:29.216Z",
"dateUpdated": "2024-09-13T14:06:04.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1272 (GCVE-0-2024-1272)
Vulnerability from cvelistv5
Published
2024-06-05 08:28
Modified
2024-08-01 18:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-540 - Inclusion of Sensitive Information in Source Code
Summary
Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before v0.251.1.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TNB Mobile Solutions | Cockpit Software |
Version: 0 < v0.251.1 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:tnb_mobile_solutions:cockpit_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "cockpit_software",
"vendor": "tnb_mobile_solutions",
"versions": [
{
"lessThan": "0.251.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1272",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T13:27:38.217095Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T13:39:37.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:33:25.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.usom.gov.tr/bildirim/tr-24-0601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cockpit Software",
"vendor": "TNB Mobile Solutions",
"versions": [
{
"lessThan": "v0.251.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Yusuf Kamil \u00c7AVU\u015eO\u011eLU"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.\u003cp\u003eThis issue affects Cockpit Software: before v0.251.1.\u003c/p\u003e"
}
],
"value": "Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data.This issue affects Cockpit Software: before v0.251.1."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-540",
"description": "CWE-540 Inclusion of Sensitive Information in Source Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T08:28:39.699Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-0601"
}
],
"source": {
"advisory": "TR-24-0601",
"defect": [
"TR-24-0601"
],
"discovery": "UNKNOWN"
},
"title": "Information Disclosure to Source Code in TNB Mobile Solutions\u0027 Cockpit Software",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2024-1272",
"datePublished": "2024-06-05T08:28:39.699Z",
"dateReserved": "2024-02-06T12:32:59.239Z",
"dateUpdated": "2024-08-01T18:33:25.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}